[Remote] Staff/Senior Program Analysis Engineer, Semgrep Analysis Foundations at Semgrep

Remote

Compensation: Not Specified
Experience Level: Senior (5 to 8 years), Expert & Leadership (9+ years)
Job Type: Full Time
Visa: Unknown
Industries: Cybersecurity, Software Development, DevSecOps

Requirements

  • Interest in code analysis (e.g., studying interpreters, compilers, linters, or garbage collectors)
  • 3+ years of experience owning the success of a critical service with a large and exponentially growing number of users, particularly its performance and reliability, using frameworks like OpenTelemetry
  • Experience building for multiple operating systems (e.g., Linux, Apple Silicon, Windows), including in CI environments
  • Experience working in a functional programming language (OCaml, Haskell) or excitement to learn
  • Passion for shipping quickly and safely, caring deeply about solving real problems for users
  • Excellent and proactive communication, both verbal and written

Responsibilities

  • Ensure changes are released frequently and reliably through distribution methods like pip, Homebrew, and Docker
  • Build tooling to support users more effectively when they encounter problems
  • Make fundamental improvements to Semgrep’s analysis capabilities (performance, availability, precision) affecting all users
  • Advocate for architectural decisions that make code easy to reason about and scalable for growing users
  • Help set the technical roadmap for foundational analysis, listening to users, program analysis engineers, and security researchers
  • Advise and mentor other engineers via code reviews, planning discussions, technical documentation, and formal mentorship

Skills

Key technologies and capabilities for this role

Program Analysis, Static Analysis, Python, Performance Optimization, Docker, pip, Homebrew, CI/CD, Software Release, Architectural Design, Scalability

Questions & Answers

Common questions about this position

What experience is required for this role?

You need 3+ years of experience owning the success of a critical service with a large and exponentially growing number of users, particularly its performance and reliability, using frameworks like OpenTelemetry. Additional requirements include experience building for multiple operating systems like Linux, Apple Silicon, and Windows in CI environments, and experience in a functional programming language like OCaml or Haskell or excitement to learn.

What is the salary or compensation for this position?

This information is not specified in the job description.

Is this role remote or does it require office work?

This information is not specified in the job description.

What is the company culture like at Semgrep?

Semgrep emphasizes a culture of transparency where you'll see and influence key decisions, fast experimentation with frequent and painless releases, honesty and respect in a diverse community, and passion for great developer experiences.

What makes a strong candidate for this role?

Ideal candidates have a strong interest in code analysis, experience owning critical services at scale, multi-OS development skills, functional programming knowledge, and a passion for shipping quickly and safely while solving real user problems.

Semgrep

Vulnerability detection tool for software development

About Semgrep

Semgrep offers a tool that helps security engineers and developers identify and fix vulnerabilities in their code before deployment. It integrates into existing workflows, providing actionable insights while significantly reducing false positives in open-source vulnerabilities by up to 98% through reachability analysis. The tool is designed for speed, with average scan times of less than 5 minutes, allowing teams to quickly address security issues. Semgrep aims to enhance the security of the software development life cycle, improving productivity and reducing technical debt.

Headquarters: San Francisco, California
Year Founded: 2017
Total Funding: $90.5M
Company Stage: Series C
Industries: Enterprise Software, Cybersecurity
Employees: 51-200

Benefits

Health Insurance
Paid Vacation
401(k) Retirement Plan
Professional Development Budget
Flexible Work Hours
Remote Work Options

Risks

Increased competition from Snyk and GitGuardian in the code analysis market.
Rapid evolution of programming languages may outpace Semgrep's tool updates.
Customer concerns about data privacy in cloud-based solutions could affect adoption.

Differentiation

Semgrep reduces false positives in vulnerabilities by up to 98% with reachability analysis.
The tool integrates seamlessly into existing workflows and ticketing systems for developers.
Average scan time is under 5 minutes, enhancing productivity and efficiency.

Upsides

Increased demand for supply chain security tools boosts Semgrep's market potential.
Rise of DevSecOps practices aligns with Semgrep's focus on SDLC security integration.
Growing popularity of IaC tools presents expansion opportunities for Semgrep.
