Full-Time
Staff Software Engineer-Infrastructure
Updated on 2/10/2025
Semgrep
51-200 employees
Vulnerability detection tool for software development
Compensation Overview
$185k - $238kAnnually
Senior, Expert
Boston, MA, USA + 3 more
More locations: San Francisco, CA, USA | New York, NY, USA | Denver, CO, USA
Salary range listed is for someone based in the San Francisco Bay Area.
You match the following Semgrep's candidate preferences
Employers are more likely to interview you if you match these preferences:
- 7+ years of experience developing and operating production software
- Familiar with AWS and Kubernetes
- Passionate about improving the availability and reliability of software systems
- Ability to work iteratively, fail fast, manage risk, and effectively respond to incidents
- Experience leading complex initiatives and working across teams
- Thoughtful mentor and lifelong learner
- Own major infrastructure initiatives end-to-end, from working with stakeholders to identify needs through implementation, onboarding, and maintenance
- Develop technical strategy, working cross functionally with other leaders at the company to determine the evolution of our cloud infrastructure
- Collaborate with engineers and product managers to support them in building the best possible products
- Architect and build simple, maintainable, extensible and observable software systems
- Advise, mentor, and sponsor other engineers inside and outside the team
- Maintain the software systems we operate as part of our platform
Semgrep offers a tool that helps security engineers and developers identify and fix vulnerabilities in their code before deployment. It integrates into existing workflows, providing actionable insights while significantly reducing false positives in open-source vulnerabilities by up to 98% through reachability analysis. The tool is designed for speed, with average scan times of less than 5 minutes, allowing teams to quickly address security issues. Semgrep aims to empower development teams to incorporate security seamlessly into their processes, reducing technical debt and speeding up delivery times.
Company Stage
Series D
Total Funding
$187.7M
Headquarters
San Francisco, California
Founded
2017
6 month growth
↑ 1%1 year growth
↑ 0%2 year growth
↑ 16%
Simplify's Take
What believers are saying
- Increased demand for integrated security solutions in CI/CD pipelines boosts Semgrep's market relevance.
- The rise of supply chain attacks heightens the need for Semgrep's third-party dependency detection.
- The shift towards DevSecOps aligns with Semgrep's focus on developer-friendly security tools.
What critics are saying
- Increased competition from Snyk and GitHub's CodeQL could impact Semgrep's market position.
- Over-reliance on funding rounds may lead to financial instability if future rounds falter.
- Rapid technological changes in cybersecurity could render Semgrep's tools obsolete without innovation.
What makes Semgrep unique
- Semgrep reduces false positives in vulnerabilities by up to 98% with reachability analysis.
- The tool integrates seamlessly into existing workflows, enhancing SDLC processes for engineering teams.
- Semgrep's average scan time is under 5 minutes, with a median CI scan time of 10 seconds.
Help us improve and share your feedback! Did you find this helpful?
Benefits
Health Insurance
Paid Vacation
401(k) Retirement Plan
Professional Development Budget
Flexible Work Hours
Remote Work Options