Semgrep

Senior Program Analysis Engineer, Code

Remote

Not SpecifiedCompensation
Senior (5 to 8 years)Experience Level
Full TimeJob Type
UnknownVisa
Cybersecurity, Software Security, Application SecurityIndustries

Requirements

Candidates should possess at least 4 years of software development experience, with a minimum of 3 years dedicated to program static analysis or equivalent academic experience such as a PhD, and experience working with functional programming languages like OCaml, Haskell, Rust, or F#. Technical leadership experience guiding cross-functional teams through complex engineering initiatives is also required.

Responsibilities

As a Senior Program Analysis Engineer, you will make fundamental improvements to Semgrep’s analysis capabilities, contribute to the technical roadmap for foundational analysis, and advise and mentor other engineers through code reviews, planning discussions, and technical documentation. You will also help set technical and product direction, collaborate with the team to determine the future of the product, and learn from users to understand their needs and build products to help them scale their security programs, potentially working on projects such as enhancing field-sensitivity in taint analysis or designing new rule syntaxes.

Skills

Static Analysis
Security Tools Development
Programming Languages (e.g., multiple languages for static analysis)
Vulnerability Detection
Code Analysis
Collaboration with Product Managers and Security Researchers
Mentoring Junior Developers

Semgrep

Vulnerability detection tool for software development

About Semgrep

Semgrep offers a tool that helps security engineers and developers identify and fix vulnerabilities in their code before deployment. It integrates into existing workflows, providing actionable insights while significantly reducing false positives in open-source vulnerabilities by up to 98% through reachability analysis. The tool is designed for speed, with average scan times of less than 5 minutes, allowing teams to quickly address security issues. Semgrep aims to enhance the security of the software development life cycle, improving productivity and reducing technical debt.

Key Metrics

San Francisco, CaliforniaHeadquarters
2017Year Founded
$90.5MTotal Funding
SERIES_CCompany Stage
Enterprise Software, CybersecurityIndustries
51-200Employees

Benefits

Health Insurance
Paid Vacation
401(k) Retirement Plan
Professional Development Budget
Flexible Work Hours
Remote Work Options

Risks

Increased competition from Snyk and GitGuardian in the code analysis market.
Rapid evolution of programming languages may outpace Semgrep's tool updates.
Customer concerns about data privacy in cloud-based solutions could affect adoption.

Differentiation

Semgrep reduces false positives in vulnerabilities by up to 98% with reachability analysis.
The tool integrates seamlessly into existing workflows and ticketing systems for developers.
Average scan time is under 5 minutes, enhancing productivity and efficiency.

Upsides

Increased demand for supply chain security tools boosts Semgrep's market potential.
Rise of DevSecOps practices aligns with Semgrep's focus on SDLC security integration.
Growing popularity of IaC tools presents expansion opportunities for Semgrep.

Land your dream remote job 3x faster with AI