Full-Time

Sr. Full Stack Web Developer

Marketing

Posted on 1/10/2025

Semgrep

51-200 employees

Vulnerability detection tool for software development

Enterprise Software
Cybersecurity

Compensation Overview

$152k - $182k Annually

Senior, Expert

San Francisco, CA, USA + 1 more

More locations: New York, NY, USA

The role requires in-office attendance 2-3 times a week.

Category
Full-Stack Engineering
Web Development
Software Engineering
Required Skills
Python
JavaScript
React.js
Git
Node.js
Figma
REST APIs
Development Operations (DevOps)
HTML/CSS

Requirements
  • 7+ years of full stack development experience, building dynamic, responsive websites with an emphasis on the front-end.
  • Fluency in front-end technologies such as HTML, CSS, and JavaScript (React) and frameworks.
  • Knowledge of server-side languages such as Node.js or Python.
  • Understanding of DevOps practices and CI/CD pipelines.
  • Knowledge and familiarity with modern digital design and prototyping tools (like Figma).
  • Experience and comfort with Git and version control.
  • Understanding of and experience with unit, integration and end-to-end testing.
  • Experience working with CMSs including integrating their REST APIs.
  • Excellent verbal and written communication skills with a knack for explaining complex technical concepts to marketers, designers, and other stakeholders.
  • Strong sense of responsibility and accountability with excellent attention to detail.
  • Entrepreneurial spirit: you’re proactive, agile, creative, resourceful, and tenacious as you solve problems and achieve team and company goals.
Responsibilities
  • Build, maintain, and optimize features and functionality for semgrep.dev.
  • Cross-Functional Collaboration: Align with a team comprising marketers, designers, growth, product, and developers to continuously deliver improvements.
  • Innovation: Introduce and improve web development standards, tooling, and processes to keep our website at the cutting edge of industry standards.
  • Support the creation and deployment of new marketing campaigns across the website by leveraging our design system and improving the self-service capabilities of our CMS.
  • In close step with designers, execute front-end projects with meticulous polish.
  • Assist other teams and own experimentation through A/B testing and personalization to improve website conversion rate and engagement.
  • Operational Excellence: Manage code deployments, updates, and releases and proactively seek out ways to uplevel the reliability, functionality, and flexibility of the website.
Desired Qualifications
  • Experience with CMS platforms required; bonus points for headless.
  • Expertise in common web application security issues.

Semgrep offers a tool that helps security engineers and developers identify and fix vulnerabilities in their code before deployment. It integrates into existing workflows, providing actionable insights while significantly reducing false positives in open-source vulnerabilities by up to 98% through reachability analysis. The tool is designed for speed, with average scan times of less than 5 minutes, allowing teams to quickly address issues. Semgrep aims to streamline the security process for developers, enabling more efficient and secure software delivery.

Company Size

51-200

Company Stage

Series D

Total Funding

$187.7M

Headquarters

San Francisco, California

Founded

2017

Simplify Jobs

Simplify's Take

What believers are saying

  • Increased demand for integrated security solutions in CI/CD pipelines boosts Semgrep's market relevance.
  • The rise of supply chain attacks heightens the need for Semgrep's third-party dependency detection.
  • The shift towards DevSecOps aligns with Semgrep's focus on developer-friendly security tools.

What critics are saying

  • Increased competition from Snyk and GitHub's CodeQL could impact Semgrep's market position.
  • Over-reliance on funding rounds may lead to financial instability if future rounds falter.
  • Rapid technological changes in cybersecurity could render Semgrep's tools obsolete without innovation.

What makes Semgrep unique

  • Semgrep reduces false positives in vulnerabilities by up to 98% with reachability analysis.
  • The tool integrates seamlessly into existing workflows, enhancing SDLC processes for engineering teams.
  • Semgrep's average scan time is under 5 minutes, with a median CI scan time of 10 seconds.

Benefits

Health Insurance

Paid Vacation

401(k) Retirement Plan

Professional Development Budget

Flexible Work Hours

Remote Work Options

Growth & Insights and Company News

Headcount

6 month growth

1%

1 year growth

0%

2 year growth

16%

Silicon Valley Journals
Feb 5th, 2025
Semgrep Raises $100M Series D Funding Round

Semgrep, a leading application security platform, has secured $100 million in Series D funding, led by Menlo Ventures with participation from existing

Semgrep
Apr 19th, 2023
Semgrep, a code & supply chain security search engine, raises Series C

Announcing our $53M Series C led by Lightspeed Venture Partners

R2C
May 11th, 2022
R2c launched DeepSemgrep for Java and Ruby on May 11th '22.

Recognizing the value of deeper vulnerability detection, today R2c is announcing DeepSemgrep for Java and Ruby.

R2C
Oct 21st, 2021
R2c is developing Semgrep

When R2c began developing Semgrep that was its main focus, and R2c knew that lightweight static analysis, based on syntax-aware matching, would excel at enforcing secure defaults.

TechCrunch
Jul 7th, 2021
r2c raises $27M to scale its security-focused code analysis service

This morning r2c, a startup building a SaaS service around the Semgrep open-source project, announced that it has closed a $27 million Series B. Felicis led the round, which the company said was a pre-emptive deal.

TechCrunch
Oct 29th, 2020
Redpoint and Sequoia are backing a startup to copyedit your shit code | TechCrunch

Code is the lifeblood of the modern world, yet the tooling for some programming environments can be remarkably spartan. While developers have long had

INACTIVE