r2c

Sr. Program Analysis Engineer

Remote
USD 164k - 194k
JavaScript PHP SQL Haskell Scala Python Ruby
This job is closed!
Description
About Semgrep

Our mission is to make world-class software security available to everyone. This means building program analysis tools that are open source, easy to use, powerful, and fast. It also means building a team with security expertise and a passion for great developer experiences. Most of all, it means working with honesty and respect in a diverse community of dreamers and builders. We’ve redefined static analysis tooling by committing to all of these, and turned our project, Semgrep, into an essential safeguard for code at Snowflake, Dropbox, and more.

Job Description
We are looking for a program analysis engineer to join our dynamic team and help us power Semgrep.
You'll have the opportunity to learn and grow by working with developers and security professionals at all levels, from startups to social media giants. You'll collaborate with passionate program analysis experts who are dedicated to making developers' lives easier. As a valued member of our team, you'll help shape our company's future and mission. Every feature you create will have a tangible impact on our users' lives, and we are excited to see what you do.

What you'll do
- Design and help build world-class pragmatic software analysis tools for security practitioners and developers
- Collaborate with engineers, product managers, and other partners to identify the most meaningful issues affecting today’s developers
- Craft high-quality tools and checks to discover and fix these issues in our users’ codebases
- Develop systems or frameworks (e.g. linters, analysis tools, and other developer-workflow integrations) that help other engineers improve security

You are ideal for this role if you have
- A bachelor's degree in Computer Science, similar technical field of study, or equivalent practical experience
- Excitement about building for customers, learning their needs, iterating fast, and seeing your solutions solve their problems
- Experience with functional languages like OCaml, Haskell, or Scala
- Experience in one dynamic language like Python, Ruby, JavaScript, or PHP
- Familiarity with program analysis and transformation concepts and tools, e.g. SSA, LLVM IR, taint tracking
- An interest in compilers, programming languages, functional programming, or program analysis
- A passion for software security

Some example projects that you might work on include
- Extend the capabilities of Semgrep (a semantic grep, see https://semgrep.dev/) to support more complex patterns or to handle more programming languages
- Implement from scratch a parser for a new language (e.g., extend or add new grammars for https://tree-sitter.github.io/tree-sitter/)
- Refine generic ASTs to support more programming languages
- Implement dataflow analysis to find bugs
- Use Datalog to implement complex and novel program analysis (pointer analysis, taint tracking, SQL injection detection)

$164,900 - $194,000 a year
- Our compensation package includes equity and benefits in addition to salary.
- Please note that the range listed is for someone based in the SF Bay Area. If you are located elsewhere, we adjust salaries based on location.

What we offer

Our goal is to competitively and fairly compensate every employee with a system that equally rewards those who are vocal and those who are less comfortable making demands during the final steps of the hiring process. To that end, we generate internal compensation bands that are used when discussing and negotiating salaries. We update these based on market data to make sure they’re above the average for comparable roles.

We also invest in our employees’ well-being and long-term success with comprehensive health plans, generous vacation time, learning stipends, and more. Our benefits are for everyone, so that you’re taken care of, and we work with individuals to make sure they have what they need, whether that’s quiet work space, adjusted hours, or any other accommodation.

Who we are

We have people from France and the Philippines, physics and philosophy, formal methods research and full-fledged corporations. We’re new parents and new grads, aspiring authors and adrenaline addicts, dog lovers and dogfooders. We get together often to bike, bake, and meet up in parks. In our interactions, we believe respect and honesty go hand in hand, and prioritize both.

Semgrep is an equal-opportunity employer seeking a diverse range of backgrounds. We value who you are — including your cultural heritage, your socioeconomic status, your age, your race, your gender, your sexual orientation, your disabilities. We value what’s vitally important to you — your family, your religion, your politics. We value what you love in this world — your music, your weekend pursuits. We believe in welcoming varied professional backgrounds, educations, and interests. If you’re exceptional in your role, believe in Semgrep's mission, and treat Semgrep's values as your own, you belong here.

You will need working proficiency and communication skills in verbal and written English. We work as a hybrid on-site / remote organization. Semgrep primarily works in the Pacific, Eastern, and Central EU time zones.
