Senior Software Security Engineer, Research & Engineering
Trail of Bits
- Full Time
- Senior (5 to 8 years)
Candidates should possess at least 4 years of software development experience, with a minimum of 3 years dedicated to program static analysis or equivalent academic experience such as a PhD, and experience working with functional programming languages like OCaml, Haskell, Rust, or F#. Technical leadership experience guiding cross-functional teams through complex engineering initiatives is also required.
As a Senior Program Analysis Engineer, you will make fundamental improvements to Semgrep’s analysis capabilities, contribute to the technical roadmap for foundational analysis, and advise and mentor other engineers through code reviews, planning discussions, and technical documentation. You will also help set technical and product direction, collaborate with the team to determine the future of the product, and learn from users to understand their needs and build products that help them scale their security programs. Projects may include enhancing field-sensitivity in taint analysis or designing new rule syntaxes.
Vulnerability detection tool for software development
Semgrep offers a tool that helps security engineers and developers identify and fix vulnerabilities in their code before deployment. It integrates into existing workflows, providing actionable insights while significantly reducing false positives in open-source vulnerabilities by up to 98% through reachability analysis. The tool is designed for speed, with average scan times of less than 5 minutes, allowing teams to quickly address security issues. Semgrep aims to enhance the security of the software development life cycle, improving productivity and reducing technical debt.