About Semgrep Semgrep, the leader in code security for builders, empowers invention without friction. Teams catch, flag, and fix real issues before they ship, powered by security that learns as they build. Semgrep secures code as it’s written and provides guardrails that pave the road for developers to move fast and stay secure. Built for builders and trusted by security, Semgrep lives where developers work, delivering fixes without breaking flow, and giving security teams visibility, control, and confidence. Semgrep gets smarter as you build, with AI that learns your context to cut false positives and prioritize reachable vulnerabilities, validated by 95% of security reviewers across 6M+ findings. Semgrep makes zero false positives a reality with AppSec teams triaging 80% fewer false positives across Code and Supply Chain, dramatically shrinking the backlog. Founded in San Francisco and backed by Menlo Ventures, Felicis Ventures, Lightspeed Venture Partners, Redpoint Ventures, and Sequoia Capital, Semgrep is recognized by Gartner in Application Security Testing and is trusted by leading organizations, including Snowflake, Dropbox, and Figma. Learn more at semgrep.dev . About the role As a developer-first tool, Semgrep surfaces vulnerabilities as early as possible to developers. Historically, that has meant displaying findings in the IDE, while developers still have context. With the advent of AI-agent coding, this means surfacing findings to the AI-agent so that they can be fixed before developers even see them. We’re looking for someone to focus on building the best secure development experience, whether that’s preventing hand-written bugs from making their way into production or keeping AI agents from writing security vulnerabilities. You would lead the way in designing secure coding for the LLM age, keeping up with industry coding patterns, speaking directly to customers, and iterating quickly while keeping long-term sustainability in mind. The ecosystem will change a lot, and what is optimal today will no longer be tomorrow. If that’s exciting to you, you’re perfect for the role! You will: Own our MCP server and IDE extension across popular editors and agentic coding tools Experiment with Claude and Cursor hooks, working directly with Anthropic and Cursor engineers to influence how they develop these tools Build comprehensive observability and debugging tools that help us quickly identify and resolve issues in diverse customer environments Advocate for architectural decisions that make our code easy to reason about and allow us to scale with an exponentially growing number of users Advise and mentor other engineers via thoughtful code reviews, planning discussions, technical documentation, and formal mentorship You are ideal for this role if you have: Developed an IDE extension for a popular language or tool Built and maintained high-availability, low-latency systems that require real-time responsiveness Built cross-platform applications for Linux, macOS, and Windows, including automated testing and CI/CD pipelines Passion for shipping quickly and safely, caring deeply about solving real problems for our users and allowing them to depend on us Excellent and proactive communication, both verbal and written Interest in code analysis and experience or interest in working in a functional programming language (OCaml, Haskell). If you’ve ever spent time studying how your interpreter, compiler, linter, or garbage collector works, come work with us! Some example projects you might work on include: Develop IDE-optimized features like incremental scanning and smart caching for instant feedback without disrupting developer flow Create MCP tools that help AI assistants write secure code by providing real-time guidance, suggesting safer alternatives, and validating generated code Build code navigation features that help developers understand security implications and enforce best practices using Semgrep analysis Integrate our MCP server backend with the main infrastructure for running scans Implement telemetry to track the effectiveness of Semgrep detection and judge which rules are performing the best in the IDE context Build intelligent code navigation features that help developers understand security implications across their codebase, enforce coding standards, and discover relevant existing patterns using Semgrep's analysis capabilities Compensation The estimated starting annual salary range for this position is $176,000 to $207,000 USD. The actual base salary will be determined based on a number of factors, which may include job-related skills, relevant experience, qualifications, location, internal equity, and market data. In addition to base salary, total compensation may include equity, variable compensation, and benefits. We view equity as a meaningful part of our compensation philosophy and a way for employees to share in the long-term value they help create. Compensation ranges are reviewed regularly and may be adjusted as the role, individual performance, or market conditions evolve. What we offer Our goal is to competitively and fairly compensate every Semgrep employee with a system that equally rewards those who are vocal and those who are less comfortable making demands during the final steps of the hiring process. To that end, we generate internal compensation bands that are used when discussing and negotiating salaries. We update these based on market data to make sure they’re above the average for comparable roles. We also invest in our employees’ well-being and long term success with comprehensive health plans, generous vacation time, 401k, learning stipends, and more. Our benefits are for everyone, so that you’re taken care of, and we work with individuals to make sure they have what they need, whether that’s quiet work space, adjusted hours, or something else. Who we are We have people from France and the Philippines, physics and philosophy, formal methods research and full fledged corporations. We’re new parents and new grads, aspiring authors and aspiring Americans, dog lovers and dogfooders. We get together often to bike, bake, and meet up in parks. In our interactions, we believe respect and honesty go hand in hand, and prioritize both. Semgrep is an equal-opportunity employer seeking a diverse range of backgrounds. We value who you are — including your cultural heritage, your socioeconomic status, your age, your race, your gender, your sexual orientation, your disabilities. We value what’s vitally important to you — your family, your religion, your politics. We value what you love in this world — your music, your weekend pursuits. We believe in welcoming varied professional backgrounds, educations, and interests. If you’re exceptional in your role, believe in Semgrep’s mission, and treat Semgrep’s values as your own, you belong here. Please Note: For US-based roles open to remote work, we are currently able to hire employees in the following states only: Arizona, California, Colorado, Connecticut, District of Columbia, Florida, Georgia, Illinois, Maryland, Massachusetts, Michigan, Missouri, Nebraska, New Jersey, New York, North Carolina, Oregon, Tennessee, Texas, Virginia, Washington, and Wisconsin.
Read Less
