Full-Time

Senior Software Engineer-Security Workflows

Confirmed live in the last 24 hours

Semgrep

Semgrep

51-200 employees

Vulnerability detection tool for software development

Compensation Overview

$176k - $207kAnnually

+ Equity + Benefits

Mid, Senior

Boston, MA, USA + 2 more

More locations: San Francisco, CA, USA | New York, NY, USA

Candidates are required to be in-office 2-3 days per week.

Category
Security Engineering
Software Engineering
Required Skills
Python
JavaScript
Postgres
Data Analysis
Requirements
  • 4+ years of experience writing production software and building web applications
  • Experience with Python, Javascript, and Postgres
  • Experience with ClickHouse, or experience building reporting/analytics solutions
  • Excellent and proactive communication, both verbal and written
Responsibilities
  • Work on major product initiatives end-to-end, from user-research through design, implementation, and deployment
  • Help set technical and product direction, collaborating with the team to determine the future of the product, what features to build, and how to build them
  • Learn from users to understand their needs, build products to help keep them secure, and work with them to help them scale their security programs
  • Advocate for and develop intuitive, simple, robust APIs that solve a wide variety of complex problems using simple, elegant abstractions
  • Ensure continual, high-availability operation of services using modern site-reliability practices, including participation in an on-call rotation
  • Advise and mentor other engineers via thoughtful code reviews, planning discussions, technical documentation, and formal mentorship
Desired Qualifications
  • Excitement about building for customers, learning their needs, iterating fast, and seeing your solutions solve their core problems

Semgrep offers a tool that helps security engineers and developers identify and fix vulnerabilities in their code before deployment. It integrates into existing workflows, providing actionable insights while significantly reducing false positives in open-source vulnerabilities by up to 98% through reachability analysis. The tool is designed for speed, with average scan times of less than 5 minutes, allowing teams to quickly address issues. Semgrep aims to streamline the security process for developers, enabling more efficient and secure software delivery.

Company Size

51-200

Company Stage

Series D

Total Funding

$187.7M

Headquarters

San Francisco, California

Founded

2017

Simplify Jobs

Simplify's Take

What believers are saying

  • Increased demand for integrated security solutions in CI/CD pipelines boosts Semgrep's market relevance.
  • The rise of supply chain attacks heightens the need for Semgrep's third-party dependency detection.
  • The shift towards DevSecOps aligns with Semgrep's focus on developer-friendly security tools.

What critics are saying

  • Increased competition from Snyk and GitHub's CodeQL could impact Semgrep's market position.
  • Over-reliance on funding rounds may lead to financial instability if future rounds falter.
  • Rapid technological changes in cybersecurity could render Semgrep's tools obsolete without innovation.

What makes Semgrep unique

  • Semgrep reduces false positives in vulnerabilities by up to 98% with reachability analysis.
  • The tool integrates seamlessly into existing workflows, enhancing SDLC processes for engineering teams.
  • Semgrep's average scan time is under 5 minutes, with a median CI scan time of 10 seconds.

Help us improve and share your feedback! Did you find this helpful?

Benefits

Health Insurance

Paid Vacation

401(k) Retirement Plan

Professional Development Budget

Flexible Work Hours

Remote Work Options

Growth & Insights and Company News

Headcount

6 month growth

-1%

1 year growth

-1%

2 year growth

13%
Silicon Valley Journals
Feb 5th, 2025
Semgrep Raises $100M Series D Funding Round

Semgrep, a leading application security platform, has secured $100 million in Series D funding, led by Menlo Ventures with participation from existing

Semgrep
Apr 19th, 2023
Semgrep, a code & supply chain security search engine, raises Series C

Announcing our $53M Series C led by Lightspeed Venture Partners

R2C
May 11th, 2022
R2c launched DeepSemgrep for Java and Ruby on May 11th 22'.

Recognizing the value of deeper vulnerability detection, today R2c is announcing DeepSemgrep for Java and Ruby.

R2C
Oct 21st, 2021
R2c is developing Semgrep

When R2c began developing Semgrep that was its main focus, and R2c knew that lightweight static analysis, based on syntax-aware matching, would excel at enforcing secure defaults.

TechCrunch
Jul 7th, 2021
r2c raises $27M to scale its security-focused code analysis service

This morning r2c, a startup building a SaaS service around the Semgrep open-source project, announced that it has closed a $27 million Series B. Felicis led the round, which the company said was a pre-emptive deal.