Senior Security Engineer at Semgrep

ABOUT SEMGREP Semgrep, the leader in code security for builders, empowers invention without friction. Teams catch, flag, and fix real issues before they ship, powered by security that learns as they build. Semgrep secures code as it’s written and provides guardrails that pave the road for developers to move fast and stay secure. Built for builders and trusted by security, Semgrep lives where developers work, delivering fixes without breaking flow, and giving security teams visibility, control, and confidence. Semgrep gets smarter as you build, with AI that learns your context to cut false positives and prioritize reachable vulnerabilities, validated by 95% of security reviewers across 6M+ findings. Semgrep makes zero false positives a reality with AppSec teams triaging 80% fewer false positives across Code and Supply Chain, dramatically shrinking the backlog. Founded in San Francisco and backed by Menlo Ventures, Felicis Ventures, Lightspeed Venture Partners, Redpoint Ventures, and Sequoia Capital, Semgrep is recognized by Gartner in Application Security Testing and is trusted by leading organizations, including Snowflake, Dropbox, and Figma. Learn more at semgrep.dev [Upgrade to PRO to see link] ABOUT THE TEAM The Internal Security & Tech Ops team is focused on securing our company and, by extension, our customers and their data. We also provide core technology services to Semgrep's employees. We are responsible for securing Semgrep, representing its security posture to our customers, and providing the services and platforms that our employees rely on. Our mission is to move Semgrep's security from good to excellent. We strive to be a group that is approachable and customer-orientated. We value constant improvement, leveraging automation and the latest tools and technologies. Internal Security helps lead our cross-company Security Guild; provides security expertise as part of Semgrep's greater security mission; and partners closely with the Engineering, People Ops and Go-to-Market teams. ABOUT THE ROLE As a Senior Security Engineer, you will help lead our product-focused security efforts. You will embed with our Engineering teams and take our Cloud and Product Security from good to great. We value candidates who have a strong background in Software Engineering and have a track record of both finding security issues in existing infrastructure and working to bake security into future products. To succeed in this role, you must be a ‘builder’ as well as a ‘breaker’. You will: - Lead Internal Security’s work to improve our production security - Embed with our Infrastructure and App Dev teams - Help design, and implement, platform security features - Set our production security priorities, strategy, and roadmap - Create, deploy and operate production security tooling (both custom solutions, as well as third-party tools) - Be one of the primary owners of our internal Semgrep.dev [Upgrade to PRO to see link] instance You are ideal for this role if you: - Have 7+ years of experience in security engineering or product security roles - Have excellent technical project management and interpersonal skills - Have deep expertise across a variety of security domains; with an emphasis on Cloud Security, Product Security, and Securing Engineering - Are able to be a senior contributor, embedded within our Engineering teams - Enjoy leading technical projects as well as contributing to cross-functional teams - Experienced with securing modern cloud-based applications, with hands on building secure solutions with AWS or GCP primitives This is a hybrid role with the expectation you’ll join us 3+ days per week in our San Francisco, New York, Boston or Denver offices depending on team. Remote employment will be considered for exceptional candidates as well. COMPENSATION Salary Range: $222,000-278,000 Our compensation package includes equity and benefits in addition to salary. Please note that the range listed is for someone based in the San Francisco Bay Area. WHAT WE OFFER (FTE ONLY) Our goal is to competitively and fairly compensate every Semgrep employee with a system that equally rewards those who are vocal and those who are less comfortable making demands during the final steps of the hiring process. To that end, we generate internal compensation bands that are used when discussing and negotiating salaries. We update these based on market data to make sure they’re above the average for comparable roles. We invest in our employees’ well-being and long-term success through a competitive, market-aligned benefits program that meets or exceeds local market standards across all of the regions in which we hire. Benefits offerings vary by location to reflect local requirements and norms. For more detailed, location-specific information, please visit Semgrep Benefits [Upgrade to PRO to see link] WHO WE ARE We bring together people from a wide range of backgrounds and disciplines—from physics and philosophy to formal methods research and full-fledged corporations. We’re new parents and new grads, dog lovers and dogfooders. We get together often to bike, bake, and meet up in parks. In our interactions, we believe respect and honesty go hand in hand, and prioritize both. Semgrep is an equal-opportunity employer seeking a diverse range of backgrounds. We value who you are — including your cultural heritage, your socioeconomic status, your age, your race, your gender, your sexual orientation, your disabilities. We value what’s vitally important to you — your family, your religion, your politics. We value what you love in this world — your music, your weekend pursuits. We believe in welcoming varied professional backgrounds, educations, and interests. If you’re exceptional in your role, believe in Semgrep’s mission, and treat Semgrep’s values as your own, you belong here. Please Note: For US-based roles open to remote work, we are currently able to hire employees in the following states only: Arizona, California, Colorado, Connecticut, District of Columbia, Florida, Georgia, Illinois, Maryland, Massachusetts, Michigan, Missouri, Nebraska, New Jersey, New York, North Carolina, Oregon, Tennessee, Texas, Virginia, Washington, and Wisconsin.