Semgrep

Staff Security Advocate

Remote

Auto‑apply with AI Apply

Not SpecifiedCompensation

Entry Level & New GradExperience Level

Full TimeJob Type

UnknownVisa

Cybersecurity, Application Security, Software DevelopmentIndustries

Requirements

Candidates should possess 8+ years of hands-on experience identifying, analyzing, and remediating security vulnerabilities across web applications, cloud infrastructure, and APIs, along with a proven track record of security research contributions such as CVE discoveries, security advisories, or published research. They should have a deep understanding of OWASP Top 10, secure coding practices, and common vulnerability classes, as well as application security testing methodologies (SAST, DAST, IAST) with familiarity of their strengths and limitations.

Responsibilities

The Staff Security Advocate will partner with security researchers to investigate emerging security trends and patterns, transforming complex findings into easily understandable and actionable insights for security and developer audiences. They will build and maintain credibility as a trusted security voice by publishing original research, proof-of-concepts, and detailed analysis, and produce high-impact technical content including conference presentations, blog posts, video tutorials, and community engagement. The role involves establishing Semgrep as the go-to solution for secure coding by engaging authentically with security practitioners and software development teams, leading technical workshops and hands-on training sessions, cultivating relationships with influencers, and serving as the voice of the community within Semgrep, translating user pain points into product enhancement opportunities, and supporting internal teammates.

Skills

Secure Coding

Security Research

Security Trends Analysis

Technical Writing

Community Engagement

Product Onboarding

Semgrep

Vulnerability detection tool for software development

About Semgrep

Semgrep offers a tool that helps security engineers and developers identify and fix vulnerabilities in their code before deployment. It integrates into existing workflows, providing actionable insights while significantly reducing false positives in open-source vulnerabilities by up to 98% through reachability analysis. The tool is designed for speed, with average scan times of less than 5 minutes, allowing teams to quickly address security issues. Semgrep aims to enhance the security of the software development life cycle, improving productivity and reducing technical debt.

Key Metrics

San Francisco, CaliforniaHeadquarters

2017Year Founded

$90.5MTotal Funding

SERIES_CCompany Stage

Enterprise Software, CybersecurityIndustries

51-200Employees

Benefits

Health Insurance

Paid Vacation

401(k) Retirement Plan

Professional Development Budget

Flexible Work Hours

Remote Work Options

Risks

Increased competition from Snyk and GitGuardian in the code analysis market.

Rapid evolution of programming languages may outpace Semgrep's tool updates.

Customer concerns about data privacy in cloud-based solutions could affect adoption.

Differentiation

Semgrep reduces false positives in vulnerabilities by up to 98% with reachability analysis.

The tool integrates seamlessly into existing workflows and ticketing systems for developers.

Average scan time is under 5 minutes, enhancing productivity and efficiency.

Upsides

Increased demand for supply chain security tools boosts Semgrep's market potential.

Rise of DevSecOps practices aligns with Semgrep's focus on SDLC security integration.

Growing popularity of IaC tools presents expansion opportunities for Semgrep.

Land your dream remote job 3x faster with AI

Try Jobo Free