What are the responsibilities and job description for the Fullstack Senior Software Engineer, Security Workflows position at Semgrep?
About Semgrep
Semgrep, the leader in code security for builders, empowers invention without friction. Teams catch, flag, and fix real issues before they ship, powered by security that learns as they build. Semgrep secures code as it’s written and provides guardrails that pave the road for developers to move fast and stay secure. Built for builders and trusted by security, Semgrep lives where developers work, delivering fixes without breaking flow, and giving security teams visibility, control, and confidence. Semgrep gets smarter as you build, with AI that learns your context to cut false positives and prioritize reachable vulnerabilities, validated by 95% of security reviewers across 6M findings. Semgrep makes zero false positives a reality with AppSec teams triaging 80% fewer false positives across Code and Supply Chain, dramatically shrinking the backlog.
Founded in San Francisco and backed by Menlo Ventures, Felicis Ventures, Lightspeed Venture Partners, Redpoint Ventures, and Sequoia Capital, Semgrep is recognized by Gartner in Application Security Testing and is trusted by leading organizations, including Snowflake, Dropbox, and Figma. Learn more at semgrep.dev.
About The Role
As a member of the Security Workflows team, you’ll build customer-facing, cross-product integrations that make it simple for application security teams to prioritize, triage, and remediate vulnerabilities at scale. Whether that is through notifications, automating their workflows, reporting on how much time you saved them, or the next great idea, you’ll see how you can bring all the products together to help teams fix vulnerabilities fast and easy. Application Security teams deal with thousands of vulnerabilities every day, and our goal is to enable teams to cut through the noise and more efficiently focus on the most impactful vulnerabilities first. We aim to help AppSec teams fix vulnerabilities by building integrations with the systems where developers are already active.
You’ll learn about the application-security space, mentor more junior developers, collaborate with product managers and other engineers to create security tools our customers love, architect systems for storing and maintaining sensitive data, and help us surface those data back to our users to help them understand their individual security posture. Through Semgrep’s culture of transparency, you’ll see and influence the decisions that make a startup successful. Your decisions will be key to making Semgrep a world-leading static-analysis project, giving you lasting influence not only at Semgrep, but in the world’s developer community.
You Will
Salary Range: $176,000-207,000
Our compensation package includes equity and benefits in addition to salary.
Please note that the range listed is for someone based in the San Francisco Bay Area.
What We Offer (FTE Only)
Our goal is to competitively and fairly compensate every Semgrep employee with a system that equally rewards those who are vocal and those who are less comfortable making demands during the final steps of the hiring process. To that end, we generate internal compensation bands that are used when discussing and negotiating salaries. We update these based on market data to make sure they’re above the average for comparable roles.
We invest in our employees’ well-being and long-term success through a competitive, market-aligned benefits program that meets or exceeds local market standards across all of the regions in which we hire. Benefits offerings vary by location to reflect local requirements and norms. For more detailed, location-specific information, please visit Semgrep Benefits.
Who We Are
We bring together people from a wide range of backgrounds and disciplines—from physics and philosophy to formal methods research and full-fledged corporations. We’re new parents and new grads, dog lovers and dogfooders. We get together often to bike, bake, and meet up in parks. In our interactions, we believe respect and honesty go hand in hand, and prioritize both.
Semgrep is an equal-opportunity employer seeking a diverse range of backgrounds. We value who you are — including your cultural heritage, your socioeconomic status, your age, your race, your gender, your sexual orientation, your disabilities. We value what’s vitally important to you — your family, your religion, your politics. We value what you love in this world — your music, your weekend pursuits. We believe in welcoming varied professional backgrounds, educations, and interests. If you’re exceptional in your role, believe in Semgrep’s mission, and treat Semgrep’s values as your own, you belong here.
Please Note: For US-based roles open to remote work, we are currently able to hire employees in the following states only: Arizona, California, Colorado, Connecticut, District of Columbia, Florida, Georgia, Illinois, Maryland, Massachusetts, Michigan, Missouri, Nebraska, New Jersey, New York, North Carolina, Oregon, Tennessee, Texas, Virginia, Washington, and Wisconsin.
Semgrep, the leader in code security for builders, empowers invention without friction. Teams catch, flag, and fix real issues before they ship, powered by security that learns as they build. Semgrep secures code as it’s written and provides guardrails that pave the road for developers to move fast and stay secure. Built for builders and trusted by security, Semgrep lives where developers work, delivering fixes without breaking flow, and giving security teams visibility, control, and confidence. Semgrep gets smarter as you build, with AI that learns your context to cut false positives and prioritize reachable vulnerabilities, validated by 95% of security reviewers across 6M findings. Semgrep makes zero false positives a reality with AppSec teams triaging 80% fewer false positives across Code and Supply Chain, dramatically shrinking the backlog.
Founded in San Francisco and backed by Menlo Ventures, Felicis Ventures, Lightspeed Venture Partners, Redpoint Ventures, and Sequoia Capital, Semgrep is recognized by Gartner in Application Security Testing and is trusted by leading organizations, including Snowflake, Dropbox, and Figma. Learn more at semgrep.dev.
About The Role
As a member of the Security Workflows team, you’ll build customer-facing, cross-product integrations that make it simple for application security teams to prioritize, triage, and remediate vulnerabilities at scale. Whether that is through notifications, automating their workflows, reporting on how much time you saved them, or the next great idea, you’ll see how you can bring all the products together to help teams fix vulnerabilities fast and easy. Application Security teams deal with thousands of vulnerabilities every day, and our goal is to enable teams to cut through the noise and more efficiently focus on the most impactful vulnerabilities first. We aim to help AppSec teams fix vulnerabilities by building integrations with the systems where developers are already active.
You’ll learn about the application-security space, mentor more junior developers, collaborate with product managers and other engineers to create security tools our customers love, architect systems for storing and maintaining sensitive data, and help us surface those data back to our users to help them understand their individual security posture. Through Semgrep’s culture of transparency, you’ll see and influence the decisions that make a startup successful. Your decisions will be key to making Semgrep a world-leading static-analysis project, giving you lasting influence not only at Semgrep, but in the world’s developer community.
You Will
- Work on major product initiatives end-to-end, from user-research through design, implementation, and deployment
- Help set technical and product direction, collaborating with the team to determine the future of the product, what features to build, and how to build them
- Learn from users to understand their needs, build products to help keep them secure, and work with them to help them scale their security programs
- Advocate for and develop intuitive, simple, robust APIs that solve a wide variety of complex problems using simple, elegant abstractions
- Ensure continual, high-availability operation of services using modern site-reliability practices, including participation in an on-call rotation
- Advise and mentor other engineers via thoughtful code reviews, planning discussions, technical documentation, and formal mentorship
- 6 years of experience writing production software and building web applications. Our stack includes Python, Javascript, and Postgres
- Have experience building 3rd party integrations
- Have experience with ClickHouse, or have experience building reporting / analytics solutions
- Excitement about building for customers, learning their needs, iterating fast, and seeing your solutions solve their core problems
- Excellent and proactive communication, both verbal and written
- “If this then that”-style notification system
- Expanding our integrations catalog (Jira on-prem, Linear, Asana, etc.)
- Unifying product experience by providing reusable foundational components that make building new products easy
- Provide customers and their champions visibility into the value Semgrep is bringing them through dashboards, reporting, and easy to understand metrics
Salary Range: $176,000-207,000
Our compensation package includes equity and benefits in addition to salary.
Please note that the range listed is for someone based in the San Francisco Bay Area.
What We Offer (FTE Only)
Our goal is to competitively and fairly compensate every Semgrep employee with a system that equally rewards those who are vocal and those who are less comfortable making demands during the final steps of the hiring process. To that end, we generate internal compensation bands that are used when discussing and negotiating salaries. We update these based on market data to make sure they’re above the average for comparable roles.
We invest in our employees’ well-being and long-term success through a competitive, market-aligned benefits program that meets or exceeds local market standards across all of the regions in which we hire. Benefits offerings vary by location to reflect local requirements and norms. For more detailed, location-specific information, please visit Semgrep Benefits.
Who We Are
We bring together people from a wide range of backgrounds and disciplines—from physics and philosophy to formal methods research and full-fledged corporations. We’re new parents and new grads, dog lovers and dogfooders. We get together often to bike, bake, and meet up in parks. In our interactions, we believe respect and honesty go hand in hand, and prioritize both.
Semgrep is an equal-opportunity employer seeking a diverse range of backgrounds. We value who you are — including your cultural heritage, your socioeconomic status, your age, your race, your gender, your sexual orientation, your disabilities. We value what’s vitally important to you — your family, your religion, your politics. We value what you love in this world — your music, your weekend pursuits. We believe in welcoming varied professional backgrounds, educations, and interests. If you’re exceptional in your role, believe in Semgrep’s mission, and treat Semgrep’s values as your own, you belong here.
Please Note: For US-based roles open to remote work, we are currently able to hire employees in the following states only: Arizona, California, Colorado, Connecticut, District of Columbia, Florida, Georgia, Illinois, Maryland, Massachusetts, Michigan, Missouri, Nebraska, New Jersey, New York, North Carolina, Oregon, Tennessee, Texas, Virginia, Washington, and Wisconsin.
Salary : $176,000 - $207,000