[Remote] Senior Program Analysis Engineer, Code at Semgrep

Remote

Compensation: Not Specified
Experience Level: Senior (5 to 8 years)
Job Type: Full Time
Visa: Unknown
Industries: Cybersecurity, Software Security, Application Security

Skills

Key technologies and capabilities for this role

Static Analysis
Security Tools Development
Programming Languages (e.g., multiple languages for static analysis)
Vulnerability Detection
Code Analysis
Collaboration with Product Managers and Security Researchers
Mentoring Junior Developers

Questions & Answers

Common questions about this position

What is the salary range for this position?

The salary range is $176,000-207,000 USD for the San Francisco Bay Area.

Is this a remote position or does it require being in the office?

This information is not specified in the job description.

What skills and experience are required for this role?

Candidates need 4+ years of software development experience with at least 3 years in program static analysis or equivalent, experience in a functional programming language like OCaml, Haskell, Rust, or F#, technical leadership experience, and excellent communication skills.

What is the team culture like at Semgrep?

The culture emphasizes collaboration with product managers, security researchers, and engineers, passion for shipping quickly and safely, solving user problems, mentoring junior developers, and influencing technical and product direction.

What makes a strong candidate for this Senior Program Analysis Engineer role?

Strong candidates have 4+ years of software development with 3+ years in static analysis, experience in functional languages, technical leadership guiding cross-functional teams, and proactive communication skills.

Semgrep

Vulnerability detection tool for software development

About Semgrep

Semgrep offers a tool that helps security engineers and developers identify and fix vulnerabilities in their code before deployment. It integrates into existing workflows, providing actionable insights while significantly reducing false positives in open-source vulnerabilities by up to 98% through reachability analysis. The tool is designed for speed, with average scan times of less than 5 minutes, allowing teams to quickly address security issues. Semgrep aims to enhance the security of the software development life cycle, improving productivity and reducing technical debt.

Headquarters: San Francisco, California
Year Founded: 2017
Total Funding: $90.5M
Company Stage: Series C
Industries: Enterprise Software, Cybersecurity
Employees: 51-200

Benefits

Health Insurance
Paid Vacation
401(k) Retirement Plan
Professional Development Budget
Flexible Work Hours
Remote Work Options

Risks

Increased competition from Snyk and GitGuardian in the code analysis market.
Rapid evolution of programming languages may outpace Semgrep's tool updates.
Customer concerns about data privacy in cloud-based solutions could affect adoption.

Differentiation

Semgrep reduces false positives in vulnerabilities by up to 98% with reachability analysis.
The tool integrates seamlessly into existing workflows and ticketing systems for developers.
Average scan time is under 5 minutes, enhancing productivity and efficiency.

Upsides

Increased demand for supply chain security tools boosts Semgrep's market potential.
Rise of DevSecOps practices aligns with Semgrep's focus on SDLC security integration.
Growing popularity of IaC tools presents expansion opportunities for Semgrep.
