Semgrep hiring Senior Program Analysis Engineer, Code • Remote (Work from Home) | Himalayas
SemgrepSE

Senior Program Analysis Engineer, Code

Semgrep is an application security company that provides a platform for developers to find and fix vulnerabilities in code, dependencies, and secrets, aiming to make security an integral part of the development process.

Semgrep

Employee count: 51-200

Salary: 176k-207k USD

United States only

About Semgrep

Semgrep is on a mission to make it expensive to exploit software. As the team behind the most popular SAST, we built the Semgrep AppSec Platform to deliver industry-leading code, dependency, and secrets scanning to enable organizations to ship secure code quickly without slowing down development.

With fast, customizable code analysis across large codebases, Semgrep helps teams catch vulnerabilities early and fix them faster. Leading companies like Snowflake, Plaid, Figma, Lyft, and Dropbox rely on Semgrep to secure their software.

Semgrep is funded by top investors, including Felicis Ventures, Lightspeed Venture Partners, Menlo Ventures, Redpoint Ventures, and Sequoia Capital.

About the role

As a program analysis engineer working on Semgrep’s Code product, you’ll build user facing security tools to help people secure the software their developers are writing. You will expand Semgrep’s static analysis capabilities to new languages, speed up the engine to find new vulnerabilities faster, and add new analysis features to better catch the vulnerabilities customers care about. Together with your team, you’ll write the tools to make it faster and easy to keep the code developers are writing secure and fast.

You’ll learn about the application-security space, mentor more junior developers, collaborate with product managers, security researchers, and application development engineers to create security tools our customers love. Through Semgrep’s culture of transparency, you’ll see and influence the decisions that make a startup successful. Your decisions will be key to making Semgrep a world-leading static-analysis project, giving you lasting influence not only at Semgrep, but in the world’s developer community.

You will:

  • Make fundamental improvements to Semgrep’s analysis capabilities to enhance the Code product line
  • Help set technical and product direction, collaborating with the team to determine the future of the product, what features to build, and how to build them
  • Contribute to the technical roadmap for our foundational analysis, listening to our users as well as program analysis engineers and security researchers across the company
  • Learn from users to understand their needs, build products to help keep them secure, and work with them to help them scale their security programs
  • Advise and mentor other engineers via thoughtful code reviews, planning discussions, technical documentation, and formal mentorship

You are ideal for this role if you have:

  • 4+ years of software development experience, with at least 3 years of that focusing on program static analysis or equivalent academic experience such as a PhD
  • Experience working in a functional programming language (OCaml, Haskell, Rust, F#)
  • Technical leadership experience guiding cross-functional teams through complex engineering initiatives
  • Passion for shipping quickly and safely, caring deeply about solving real problems for our users and allowing them to depend on us
  • Excellent and proactive communication, both verbal and written

Some examples projects you might work on include:

  • Enhance field-sensitivity in Semgrep's taint analysis engine, or enable tracking of taint through function callbacks in Javascript
  • Design a new rule syntax in conjunction with the Security Researchers on your team to simplify rule writing in the presence of common frameworks
  • Add new features to our IDE experience for the Code product

Compensation

Salary Range: $176,000-207,000 USD

Our compensation package includes equity and benefits in addition to salary.

Please note that the range listed is for someone based in the San Francisco Bay Area.

What we offer

Our goal is to competitively and fairly compensate every Semgrep employee with a system that equally rewards those who are vocal and those who are less comfortable making demands during the final steps of the hiring process. To that end, we generate internal compensation bands that are used when discussing and negotiating salaries. We update these based on market data to make sure they’re above the average for comparable roles.

We also invest in our employees’ well-being and long term success with comprehensive health plans, generous vacation time, 401k, learning stipends, and more. Our benefits are for everyone, so that you’re taken care of, and we work with individuals to make sure they have what they need, whether that’s quiet work space, adjusted hours, or something else.

Who we are

We have people from France and the Philippines, physics and philosophy, formal methods research and full fledged corporations. We’re new parents and new grads, aspiring authors and aspiring Americans, dog lovers and dogfooders. We get together often to bike, bake, and meet up in parks. In our interactions, we believe respect and honesty go hand in hand, and prioritize both.

Semgrep is an equal-opportunity employer seeking a diverse range of backgrounds. We value who you are — including your cultural heritage, your socioeconomic status, your age, your race, your gender, your sexual orientation, your disabilities. We value what’s vitally important to you — your family, your religion, your politics. We value what you love in this world — your music, your weekend pursuits. We believe in welcoming varied professional backgrounds, educations, and interests. If you’re exceptional in your role, believe in Semgrep’s mission, and treat Semgrep’s values as your own, you belong here.

About the job

Apply before

Posted on

Job type

Full Time

Experience level

Senior

Salary

Salary: 176k-207k USD

Location requirements

Hiring timezones

United States +/- 0 hours

About Semgrep

Learn more about Semgrep and their company culture.

View company profile

Semgrep's journey began with a clear and ambitious mission: to fundamentally improve software security and reliability. Founded in 2017 by Isaac Evans, Drew Dennison, and Luke O'Malley, the company, initially known as r2c, recognized a critical gap in the application security landscape. While large tech companies had the resources to build sophisticated, custom security tooling, many other organizations struggled with tools that were often noisy, difficult to integrate, and didn't align well with developer workflows. The founders envisioned a new approach, one that empowered developers to write secure code from the outset, rather than treating security as an afterthought or a bottleneck.

A pivotal moment in Semgrep's evolution was the decision to build upon and significantly enhance an open-source project called sgrep, which itself had roots in tools developed at Facebook. This commitment to open-source principles became a cornerstone of Semgrep's philosophy. By 2020, this revitalized project was launched as Semgrep, offering a powerful yet intuitive static analysis tool. The core idea was to make security analysis feel like a natural extension of a developer's existing toolkit – fast, customizable, and capable of understanding code semantics without requiring developers to become security experts. This developer-first approach quickly gained traction, attracting a vibrant community and adoption by leading technology companies. Semgrep's platform has since expanded to include solutions for Software Composition Analysis (SCA) and secrets detection, all integrated into a unified AppSec Platform designed to provide high-fidelity findings and streamline the process of securing code throughout the development lifecycle. The company continues to innovate, incorporating AI to further reduce false positives and provide actionable remediation advice, staying true to its founding goal of making robust application security accessible to all.

Employee benefits

Learn about the employee benefits and perks provided at Semgrep.

View benefits

Comprehensive health plans

We offer health, dental, and vision plans for you and your dependents.

Retirement plans

We offer retirement plans, including 401(k), for investing in your future.

Remote Work

Enjoy the flexibility and convenience of working from home or wherever you work best.

Unlimited PTO

We work hard so it's important to recharge. Time off is mandated and at least 3+ weeks is encouraged.

View Semgrep's employee benefits
Claim this profileSemgrep logoSE

Semgrep

View company profile

Similar remote jobs

Here are other jobs you might want to apply for.

View all remote jobs

4 remote jobs at Semgrep

Explore the variety of open remote roles at Semgrep, offering flexible work options across multiple disciplines and skill levels.

View all jobs at Semgrep

Remote companies like Semgrep

Find your next opportunity by exploring profiles of companies that are similar to Semgrep. Compare culture, benefits, and job openings on Himalayas.

View all companies

Find your dream job

Sign up now and join over 85,000 remote workers who receive personalized job alerts, curated job matches, and more for free!

Sign up
Himalayas profile for an example user named Frankie Sullivan