Senior Software Security Engineer, Research & Engineering
Trail of Bits
- Full Time
- Senior (5 to 8 years)
Semgrep is seeking a Program Analysis Engineer to join their Code product team. This role involves building user-facing security tools to enhance software security. You will expand Semgrep's static analysis capabilities, improve engine speed, and add new analysis features to detect vulnerabilities. The position offers opportunities to learn about application security, mentor junior developers, and collaborate with product managers, security researchers, and engineers. You will influence the technical and product direction of Semgrep's foundational analysis and contribute to making it a world-leading static-analysis project.
Semgrep is on a mission to make it expensive to exploit software. As the team behind the most popular SAST, Semgrep built the Semgrep AppSec Platform to deliver industry-leading code, dependency, and secrets scanning, enabling organizations to ship secure code quickly without slowing down development. Leading companies like Snowflake, Plaid, Figma, Lyft, and Dropbox rely on Semgrep. The company is funded by top investors including Felicis Ventures, Lightspeed Venture Partners, Menlo Ventures, Redpoint Ventures, and Sequoia Capital.
Vulnerability detection tool for software development
Semgrep offers a tool that helps security engineers and developers identify and fix vulnerabilities in their code before deployment. It integrates into existing workflows, providing actionable insights while significantly reducing false positives in open-source vulnerabilities by up to 98% through reachability analysis. The tool is designed for speed, with average scan times of less than 5 minutes, allowing teams to quickly address security issues. Semgrep aims to enhance the security of the software development life cycle, improving productivity and reducing technical debt.