Semgrep

Senior Security Researcher

Remote, Full-time, Senior, World, Analytics

About the role

As a member of the security research team, your role is to convert the world's security expertise into actionable rules that anyone can use. This involves transforming insecure coding patterns found in blog posts, OWASP guides, and conference talks into Semgrep rules that empower developers to write secure code. By providing immediate feedback through IDEs and pull requests, you'll make the development process more efficient and effective for developers. Moreover, your work will benefit security professionals and researchers, enabling them to do their jobs better and faster.

You'll have the opportunity to meet with developers and security professionals from different organizations, ranging from small startups to large social media giants. Working in a transparent culture, you'll be able to see and influence the decisions that make an early-stage startup successful. You'll learn and grow with your team, gaining expertise in various languages and tech stacks, performing new research that pushes the industry forward, and mentoring your colleagues. Since your contributions will have a significant impact on the company's products, you'll have the chance to innovate and make meaningful changes.

Location expectations:

  • Our expectation is that this role will be based 100% remote.

Prior experience in a fast-paced tech environment is helpful, but we are more interested in your passion for security and problem-solving skills than your pedigree. So if this opportunity excites you but you don’t meet the exact requirements, apply anyway!

What you’ll do

  • Create Semgrep rules that not only improve companies' security posture but also delight users.
  • Continuously learn about new programming languages and technologies, identifying their security features and potential vulnerabilities.
  • Help the team scale its impact 100x through tooling, automation, and other innovative approaches.
  • Collaborate with other security research team members, sharing knowledge and contributing to each other's growth.
  • Work closely with a team of program analysis experts to drive the development of Semgrep's core engine.
  • Share your security expertise with the wider community through blog posts, conference talks, tutorials, workshops, and other platforms.
  • Provide your perspective as a security domain expert to shape the direction of Semgrep's products.
  • Conceive and prototype innovative use cases for Semgrep that go beyond what has been previously imagined.
  • Foster a security-focused culture at Semgrep and serve as a security resource to other teams and departments.
  • Cultivate a productive, engaging, diverse, and inclusive work environment that aligns with Semgrep's core values.

You are ideal for this role if you have

  • Strong expertise in software security, including fundamental principles, best practices, and the ability to dive into nitty-gritty details.
  • Experience auditing and writing code in two or more programming languages.
  • A passion to build tools, prototype new ideas, and automate the world.
  • A strong desire to continuously learn and improve your skills and knowledge, and a passion for sharing what you learn both inside and outside of Semgrep.
  • Motivation to raise the bar for security across various companies in the industry.
  • The ability to quickly become an expert in a new programming language, web framework, or technology.
  • The ability to work independently and thrive in a high trust, low oversight environment, breaking down tasks into short milestones and owning the outcomes.
  • Enjoyment in writing blog posts and giving talks about security-related technical work you've done.
  • Experience finding vulnerabilities, explaining their impact and context to developers responsible for fixing them, whether as a security consultant, internal security engineer, or bug bounty researcher.

Compensation

Salary Range: $184,000 - $222,000

Our compensation package includes equity and benefits in addition to salary.

Please note that the range listed is for someone based in the San Francisco Bay Area.

What we offer

Our goal is to competitively and fairly compensate every Semgrep employee with a system that equally rewards those who are vocal and those who are less comfortable making demands during the final steps of the hiring process. To that end, we generate internal compensation bands that are used when discussing and negotiating salaries. We update these based on market data to make sure they’re above the average for comparable roles.

We also invest in our employees’ well-being and long term success with comprehensive health plans, generous vacation time, 401k matching, learning stipends, and more. Our benefits are for everyone, so that you’re taken care of, and we work with individuals to make sure they have what they need, whether that’s quiet work space, adjusted hours, or something else.
