Semgrep

Senior Program Analysis Engineer, Code

Remote

Auto‑apply with AI Apply

Not SpecifiedCompensation

Senior (5 to 8 years)Experience Level

Full TimeJob Type

UnknownVisa

Cybersecurity, Software Security, Application SecurityIndustries

Requirements

Candidates should possess at least 4 years of software development experience, with a minimum of 3 years dedicated to program static analysis or equivalent academic experience such as a PhD, and experience working with functional programming languages like OCaml, Haskell, Rust, or F#. Technical leadership experience guiding cross-functional teams through complex engineering initiatives is also required.

Responsibilities

As a Senior Program Analysis Engineer, you will make fundamental improvements to Semgrep’s analysis capabilities, contribute to the technical roadmap for foundational analysis, and advise and mentor other engineers through code reviews, planning discussions, and technical documentation. You will also help set technical and product direction, collaborate with the team to determine the future of the product, and learn from users to understand their needs and build products to help them scale their security programs, potentially working on projects such as enhancing field-sensitivity in taint analysis or designing new rule syntaxes.

Skills

Static Analysis

Security Tools Development

Programming Languages (e.g., multiple languages for static analysis)

Vulnerability Detection

Code Analysis

Collaboration with Product Managers and Security Researchers

Mentoring Junior Developers

Semgrep

Vulnerability detection tool for software development

About Semgrep

Semgrep offers a tool that helps security engineers and developers identify and fix vulnerabilities in their code before deployment. It integrates into existing workflows, providing actionable insights while significantly reducing false positives in open-source vulnerabilities by up to 98% through reachability analysis. The tool is designed for speed, with average scan times of less than 5 minutes, allowing teams to quickly address security issues. Semgrep aims to enhance the security of the software development life cycle, improving productivity and reducing technical debt.

Key Metrics

San Francisco, CaliforniaHeadquarters

2017Year Founded

$90.5MTotal Funding

SERIES_CCompany Stage

Enterprise Software, CybersecurityIndustries

51-200Employees

Benefits

Health Insurance

Paid Vacation

401(k) Retirement Plan

Professional Development Budget

Flexible Work Hours

Remote Work Options

Risks

Increased competition from Snyk and GitGuardian in the code analysis market.

Rapid evolution of programming languages may outpace Semgrep's tool updates.

Customer concerns about data privacy in cloud-based solutions could affect adoption.

Differentiation

Semgrep reduces false positives in vulnerabilities by up to 98% with reachability analysis.

The tool integrates seamlessly into existing workflows and ticketing systems for developers.

Average scan time is under 5 minutes, enhancing productivity and efficiency.

Upsides

Increased demand for supply chain security tools boosts Semgrep's market potential.

Rise of DevSecOps practices aligns with Semgrep's focus on SDLC security integration.

Growing popularity of IaC tools presents expansion opportunities for Semgrep.

Land your dream remote job 3x faster with AI

Try Jobo Free