Senior Program Analysis Engineer, Code

Position Overview

• Location Type: Not specified
• Job Type: Not specified
• Salary: $176,000-207,000 USD (for San Francisco Bay Area)

Semgrep is seeking a Program Analysis Engineer to join their Code product team. This role involves building user-facing security tools to enhance software security. You will expand Semgrep's static analysis capabilities, improve engine speed, and add new analysis features to detect vulnerabilities. The position offers opportunities to learn about application security, mentor junior developers, and collaborate with product managers, security researchers, and engineers. You will influence the technical and product direction of Semgrep's foundational analysis and contribute to making it a world-leading static-analysis project.

Requirements

• 4+ years of software development experience, with at least 3 years focusing on program static analysis or equivalent academic experience (e.g., PhD).
• Experience working in a functional programming language (OCaml, Haskell, Rust, F#).
• Technical leadership experience guiding cross-functional teams through complex engineering initiatives.
• Passion for shipping quickly and safely, solving real user problems, and enabling user dependability.
• Excellent and proactive communication skills, both verbal and written.

Responsibilities

• Make fundamental improvements to Semgrep’s analysis capabilities to enhance the Code product line.
• Help set technical and product direction, collaborating with the team on product features and implementation.
• Contribute to the technical roadmap for foundational analysis, incorporating user feedback and insights from program analysis engineers and security researchers.
• Learn from users to understand their needs, build products to keep them secure, and help them scale their security programs.
• Advise and mentor other engineers through code reviews, planning discussions, technical documentation, and formal mentorship.

Example Projects

• Enhance field-sensitivity in Semgrep's taint analysis engine or enable taint tracking through function callbacks in Javascript.
• Design a new rule syntax in conjunction with Security Researchers to simplify rule writing for common frameworks.
• Add new features to the IDE experience for the Code product.

Company Information

Semgrep is on a mission to make it expensive to exploit software. As the team behind the most popular SAST, Semgrep built the Semgrep AppSec Platform to deliver industry-leading code, dependency, and secrets scanning, enabling organizations to ship secure code quickly without slowing down development. Leading companies like Snowflake, Plaid, Figma, Lyft, and Dropbox rely on Semgrep. The company is funded by top investors including Felicis Ventures, Lightspeed Venture Partners, Menlo Ventures, Redpoint Ventures, and Sequoia Capital.

Compensation & Benefits

• Salary Range: $176,000-207,000 USD (for San Francisco Bay Area).
• Compensation package includes equity and benefits in addition to salary.
• Semgrep aims to competitively and fairly compensate all employees with a system that rewards those who are vocal and those who are less comfortable making demands.