Semgrep

Staff Security Advocate

Remote

Compensation: Not Specified
Experience Level: Entry Level & New Grad
Job Type: Full Time
Visa: Unknown
Industries: Cybersecurity, Application Security, Software Development

About Semgrep

Semgrep is on a mission to make it expensive to exploit software. As the team behind the most popular SAST, we built the Semgrep AppSec Platform to deliver industry-leading code, dependency, and secrets scanning to enable organizations to ship secure code quickly without slowing down development.

With fast, customizable code analysis across large codebases, Semgrep helps teams catch vulnerabilities early and fix them faster. Leading companies like Snowflake, Plaid, Figma, Lyft, and Dropbox rely on Semgrep to secure their software.

Semgrep is funded by top investors, including Felicis Ventures, Lightspeed Venture Partners, Menlo Ventures, Redpoint Ventures, and Sequoia Capital.

About the Role

The Semgrep Security Advocacy team drives awareness and preference for Semgrep within both application security and software development communities. A Security Advocate will educate teams on secure coding, activate them through delightful product onboarding experiences, and encourage community champions to become force-multipliers that amplify our messages. We work extremely hard but also bring the fun to cross-functional.

Location Expectations

This role is remote friendly, with some travel expected.

Prior experience in a fast-paced, tech environment is helpful, but we are more interested in your curiosity and passion for learning and technical skills than your pedigree. So if this opportunity excites you but you don’t meet the exact requirements, apply anyway!

What You’ll Do

Security Research & Thought Leadership

  • Partner with security researchers to investigate emerging security trends and patterns, transforming complex findings into easily understandable and actionable insights that resonate with security and developer audiences.
  • Build and maintain credibility as a trusted security voice by publishing original research, proof-of-concepts, and detailed analysis.

Content Creation

  • Amplify discoveries and messages through compelling story narratives and real-world demonstrations.
  • Address critical security education gaps within developer and security ecosystems.
  • Produce high-impact technical content including conference presentations, in-depth blog posts, video tutorials, and short-form community engagement on social channels and forums.

Community Building & Evangelism

  • Establish Semgrep as the go-to solution for secure coding by engaging authentically with security practitioners and software development teams wherever they are.
  • Lead technical workshops and hands-on training sessions that demonstrate practical security risks and remediation using Semgrep tools.
  • Cultivate relationships with other influencers within DevSecOps and AppSec communities to expand your reach and gather intelligence.
  • Support internal teammates to be the best version of themselves by sharing your knowledge and best practices across functions.

Product Feedback Loop

  • Serve as the voice of the community within Semgrep, translating user pain points and opportunities into product enhancement opportunities.
  • Support engineering and product teams to beta test and provide comprehensive user experience feedback.

Ideal Candidate Profile

Technical Security Expertise

  • 8+ years of hands-on keyboard experience identifying, analyzing, and remediating security vulnerabilities across web applications, cloud infrastructure, and APIs.
  • Proven track record of security research contributions such as CVE discoveries, security advisories, or published research.
  • Deep understanding of the OWASP Top 10, secure coding practices, and common vulnerability classes, as well as application security testing methodologies (SAST, DAST, IAST) and familiarity with their strengths and limitations.

Software Development & Tools

  • Strong programming skills in multiple languages commonly used in enterprise development (Python, JavaScript, Java, Go, etc.).
  • Experience with modern development workflows and met

Skills

Secure Coding
Security Research
Security Trends Analysis
Technical Writing
Community Engagement
Product Onboarding

Semgrep

Vulnerability detection tool for software development

About Semgrep

Semgrep offers a tool that helps security engineers and developers identify and fix vulnerabilities in their code before deployment. It integrates into existing workflows, providing actionable insights while significantly reducing false positives in open-source vulnerabilities by up to 98% through reachability analysis. The tool is designed for speed, with average scan times of less than 5 minutes, allowing teams to quickly address security issues. Semgrep aims to enhance the security of the software development life cycle, improving productivity and reducing technical debt.

Headquarters: San Francisco, California
Year Founded: 2017
Total Funding: $90.5M
Company Stage: Series C
Industries: Enterprise Software, Cybersecurity
Employees: 51-200

Benefits

Health Insurance
Paid Vacation
401(k) Retirement Plan
Professional Development Budget
Flexible Work Hours
Remote Work Options

Risks

Increased competition from Snyk and GitGuardian in the code analysis market.
Rapid evolution of programming languages may outpace Semgrep's tool updates.
Customer concerns about data privacy in cloud-based solutions could affect adoption.

Differentiation

Semgrep reduces false positives in vulnerabilities by up to 98% with reachability analysis.
The tool integrates seamlessly into existing workflows and ticketing systems for developers.
Average scan time is under 5 minutes, enhancing productivity and efficiency.

Upsides

Increased demand for supply chain security tools boosts Semgrep's market potential.
Rise of DevSecOps practices aligns with Semgrep's focus on SDLC security integration.
Growing popularity of IaC tools presents expansion opportunities for Semgrep.
