Summary
Join Semgrep as a Program Analysis Engineer and build user-facing security tools to enhance the Code product line. You will expand Semgrep's static analysis capabilities, speed up the engine, and add new analysis features. Collaborate with cross-functional teams, mentor junior developers, and contribute to the technical roadmap. Learn from users, understand their needs, and build products to help them scale their security programs. Your decisions will be key to making Semgrep a world-leading static-analysis project. Semgrep offers a competitive salary, equity, and benefits, including comprehensive health plans, generous vacation time, 401k, and learning stipends.
Requirements
- 4+ years of software development experience, with at least 3 years of that focusing on program static analysis or equivalent academic experience such as a PhD
- Experience working in a functional programming language (OCaml, Haskell, Rust, F#)
- Technical leadership experience guiding cross-functional teams through complex engineering initiatives
- Passion for shipping quickly and safely, caring deeply about solving real problems for our users and allowing them to depend on us
- Excellent and proactive communication, both verbal and written
Responsibilities
- Make fundamental improvements to Semgrep's analysis capabilities to enhance the Code product line
- Help set technical and product direction, collaborating with the team to determine the future of the product, what features to build, and how to build them
- Contribute to the technical roadmap for our foundational analysis, listening to our users as well as program analysis engineers and security researchers across the company
- Learn from users to understand their needs, build products to help keep them secure, and work with them to help them scale their security programs
- Advise and mentor other engineers via thoughtful code reviews, planning discussions, technical documentation, and formal mentorship
Preferred Qualifications
- Enhance field-sensitivity in Semgrep's taint analysis engine, or enable tracking of taint through function callbacks in JavaScript
- Design a new rule syntax in conjunction with the Security Researchers on your team to simplify rule writing in the presence of common frameworks
- Add new features to our IDE experience for the Code product
Benefits
- Salary Range: $176,000-207,000 USD
- Our compensation package includes equity and benefits in addition to salary
- Comprehensive health plans
- Generous vacation time
- 401k
- Learning stipends