Our mission is to make world-class software security available to everyone. This means building program analysis tools that are open source, easy to use, powerful, and fast. It also means building a team with security expertise and a passion for great developer experiences. Most of all, it means working with honesty and respect in a diverse community of dreamers and builders. We’ve redefined static analysis tooling by committing to all of these, and turned our project, Semgrep, into an essential safeguard for code at Snowflake, Dropbox, and more.

On r2c’s Semgrep team, you’ll build user facing security tools to help people secure their software applications from vulnerabilities. Our users depend on our tools to run effective, pragmatic security programs, enabling a partnership between security teams and developers. Existing vulnerability management tools produce a ton of noise, and this extra work is passed on to the AppSec teams and results in inefficient security programs. Our goal is to help cut through the noise and make security teams more effective. We work to make supply chain security as simple and intuitive for our users as possible, so they can focus on their mission.

Semgrep team members have the opportunity to work on a broad variety of problems. We’re responsible for the full lifecycle of the product, from finding vulnerabilities in the wild, to identifying vulnerabilities in user code, to helping customers understand their best path to remediation. We use static analysis to cut through the noise of false positives, and build beautiful user interfaces that give security folks the context they need to take action. Most importantly, our team looks for new and innovative ways to protect our users from supply chain threats.

We’re looking for a product-focused engineer who is passionate about security and excited to learn from users and practitioners. If you enjoy running experiments, discovering new ways to delight users, and building a product from the ground up, you’ll be a great fit for our team.

-Work on major product initiatives end-to-end, delighting users with our next-generation SAST products

-Contribute to our IDE integrations to bring our products directly into users’ hands

-Help set technical and product direction, collaborating with the team to determine the future of the product, what features to build, and how to build them

-Architect and build elegant, maintainable, extensible software systems

-Learn from users to understand their needs, build products to help keep them secure, and work with them to help them scale their security programs

-You have 5+ years of experience writing production software and building products

-You’re a full stack engineer with experience up and down the stack

-You are first and foremost excited to build products and help users

-You have experience breaking down challenging problems and executing on them

-You know how to run experiments, work iteratively, learn quickly, and fail fast

Our goal is to competitively and fairly compensate every r2cer with a system that equally rewards those who are vocal and those who are less comfortable making demands during the final steps of the hiring process. To that end, we generate internal compensation bands that are used when discussing and negotiating salaries. We update these based on market data to make sure they’re above the average for comparable roles.

We also invest in our employees’ well-being and long term success with comprehensive health plans, generous vacation time, learning stipends, and more. Our benefits are for everyone, so that you’re taken care of, and we work with individuals to make sure they have what they need, whether that’s quiet work space, adjusted hours, or any other accommodation.

We have people from France and the Philippines, physics and philosophy, formal methods research and full fledged corporations. We’re new parents and new grads, aspiring authors and adrenaline addicts, dog lovers and dogfooders. We get together often to bike, bake, and meet up in parks. In our interactions, we believe respect and honesty go hand in hand, and prioritize both.

r2c is an equal-opportunity employer seeking a diverse range of backgrounds. We value who you are — including your cultural heritage, your socioeconomic status, your age, your race, your gender, your sexual orientation, your disabilities. We value what’s vitally important to you — your family, your religion, your politics. We value what you love in this world — your music, your weekend pursuits. We believe in welcoming varied professional backgrounds, educations, and interests. If you’re exceptional in your role, believe in r2c’s mission, and treat r2c’s values as your own, you belong here.

You will need working proficiency and communication skills in verbal and written English. We work as a hybrid on-site / remote organization. r2c primarily works in the Pacific, Eastern, and Central EU time zones.