[Remote] Staff/Senior Program Analysis Engineer, Semgrep Analysis Foundations at Semgrep

Remote

Compensation: Not Specified
Experience Level: N/A
Job Type: N/A
Visa: Not Specified
Industries: N/A

Requirements

  • 3+ years of experience owning the success of a critical service with a large and exponentially growing number of users, particularly its performance and reliability, with the help of frameworks like OpenTelemetry
  • Experience building for multiple operating systems, such as Linux, Apple Silicon, and Windows, including in CI environments
  • Experience working in a functional programming language (OCaml, Haskell) or the excitement to learn
  • Excellent and proactive communication, both verbal and written
  • Interest in code analysis

Responsibilities

  • Ensure that our changes are released frequently and reliably through a number of distribution methods, including pip, homebrew, and docker
  • Build tooling that allows us to support our users more effectively when they encounter problems
  • Make fundamental improvements to Semgrep’s analysis capabilities that affect all users, including to its performance, availability, and precision
  • Advocate for architectural decisions that make our code easy to reason about and allow us to scale with an exponentially growing number of users
  • Help set the technical roadmap for our foundational analysis, listening to our users as well as program analysis engineers and security researchers across the company
  • Advise and mentor other engineers via thoughtful code reviews, planning discussions, technical documentation, and formal mentorship

Skills

Semgrep

Vulnerability detection tool for software development

About Semgrep

Semgrep offers a tool that helps security engineers and developers identify and fix vulnerabilities in their code before deployment. It integrates into existing workflows, providing actionable insights while significantly reducing false positives in open-source vulnerabilities by up to 98% through reachability analysis. The tool is designed for speed, with average scan times of less than 5 minutes, allowing teams to quickly address security issues. Semgrep aims to enhance the security of the software development life cycle, improving productivity and reducing technical debt.

Headquarters: San Francisco, California
Year Founded: 2017
Total Funding: $90.5M
Company Stage: Series C
Industries: Enterprise Software, Cybersecurity
Employees: 51-200

Benefits

Health Insurance
Paid Vacation
401(k) Retirement Plan
Professional Development Budget
Flexible Work Hours
Remote Work Options

Risks

Increased competition from Snyk and GitGuardian in the code analysis market.
Rapid evolution of programming languages may outpace Semgrep's tool updates.
Customer concerns about data privacy in cloud-based solutions could affect adoption.

Differentiation

Semgrep reduces false positives in vulnerabilities by up to 98% with reachability analysis.
The tool integrates seamlessly into existing workflows and ticketing systems for developers.
Average scan time is under 5 minutes, enhancing productivity and efficiency.

Upsides

Increased demand for supply chain security tools boosts Semgrep's market potential.
Rise of DevSecOps practices aligns with Semgrep's focus on SDLC security integration.
Growing popularity of IaC tools presents expansion opportunities for Semgrep.
