Senior Program Analysis Software Engineer

About the role

As a Program Analysis engineer, you'll work on the beating heart of our business - the world-class Semgrep engine that analyzes source code to detect high-impact real-world security vulnerabilities. You'll collaborate closely with our Security Research team to improve the quality and quantity of vulnerabilities detected in source code written in an ever-growing set of programming languages using state-of-the-art static analysis and program analysis techniques. Additionally, you'll quantify and optimize the performance of the engine using data-driven approaches wherever it runs - from our hosted Managed Scanning platform to AI Agents via MCP. Our stack utilizes OCaml, Python, OpenTelemetry and Datadog. Professional experience with OCaml is preferred but not required provided you are willing to learn quickly and have other functional programming experience. This is a hybrid role with the expectation you'll join us 3+ days per week in our San Francisco, New York, Boston or Denver offices depending on team. We bring together people from a wide range of backgrounds and disciplines-from physics and philosophy to formal methods research and full-fledged corporations. We're new parents and new grads, dog lovers and dogfooders. We get together often to bike, bake, and meet up in parks. In our interactions, we believe respect and honesty go hand in hand, and prioritize both. Semgrep is an equal-opportunity employer seeking a diverse range of backgrounds. We value who you are - including your cultural heritage, your socioeconomic status, your age, your race, your gender, your sexual orientation, your disabilities. We value what's vitally important to you - your family, your religion, your politics. We value what you love in this world - your music, your weekend pursuits. We believe in welcoming varied professional backgrounds, educations, and interests. If you're exceptional in your role, believe in Semgrep's mission, and treat Semgrep's values as your own, you belong here. Please Note: For US-based roles open to remote work, we are currently able to hire employees in the following states only: Arizona, California, Colorado, Connecticut, District of Columbia, Florida, Georgia, Illinois, Marylan

Benefits

Additional Information

About Semgrep Semgrep, the leader in code security for builders, empowers invention without friction. Teams catch, flag, and fix real issues before they ship, powered by security that learns as they build. Semgrep secures code as it's written and provides guardrails that pave the road for developers to move fast and stay secure. Built for builders and trusted by security, Semgrep lives where developers work, delivering fixes without breaking flow, and giving security teams visibility, control, and confidence. Semgrep gets smarter as you build, with AI that learns your context to cut false positives and prioritize reachable vulnerabilities, validated by 95% of security reviewers across 6M+ findings. Semgrep makes zero false positives a reality with AppSec teams triaging 80% fewer false positives across Code and Supply Chain, dramatically shrinking the backlog. Founded in San Francisco and backed by Menlo Ventures, Felicis Ventures, Lightspeed Venture Partners, Redpoint Ventures, and Sequoia Capital, Semgrep is recognized by Gartner in Application Security Testing and is trusted by leading organizations, including Vanta, Lyft, and Dropbox. Learn more at semgrep.dev .

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at semgrep? Share your experience