What are the responsibilities and job description for the Security Research Manager, Coverage Team position at Semgrep?
About Semgrep
Semgrep, the leader in code security for builders, empowers invention without friction. Teams catch, flag, and fix real issues before they ship, powered by security that learns as they build. Semgrep secures code as it’s written and provides guardrails that pave the road for developers to move fast and stay secure. Built for builders and trusted by security, Semgrep lives where developers work, delivering fixes without breaking flow, and giving security teams visibility, control, and confidence. Semgrep gets smarter as you build, with AI that learns your context to cut false positives and prioritize reachable vulnerabilities, validated by 95% of security reviewers across 6M findings. Semgrep makes zero false positives a reality with AppSec teams triaging 80% fewer false positives across Code and Supply Chain, dramatically shrinking the backlog.
Founded in San Francisco and backed by Menlo Ventures, Felicis Ventures, Lightspeed Venture Partners, Redpoint Ventures, and Sequoia Capital, Semgrep is recognized by Gartner in Application Security Testing and is trusted by leading organizations, including Vanta, Lyft, and Dropbox. Learn more at semgrep.dev.
About The Role
You will lead the team of Security Researchers responsible for driving the coverage through rules for Secrets, Code, and Supply Chain: across all of our products. This team owns:
You Will
Compensation ranges are reviewed regularly and may be adjusted as the role, individual performance, or market conditions evolve.
What We Offer (FTE Only)
Our goal is to competitively and fairly compensate every Semgrep employee with a system that equally rewards those who are vocal and those who are less comfortable making demands during the final steps of the hiring process. To that end, we generate internal compensation bands that are used when discussing and negotiating salaries. We update these based on market data to make sure they’re above the average for comparable roles.
We invest in our employees’ well-being and long-term success through a competitive, market-aligned benefits program that meets or exceeds local market standards across all of the regions in which we hire. Benefits offerings vary by location to reflect local requirements and norms. For more detailed, location-specific information, please visit Semgrep Benefits.
Who We Are
We bring together people from a wide range of backgrounds and disciplines—from physics and philosophy to formal methods research and full-fledged corporations. We’re new parents and new grads, dog lovers and dogfooders. We get together often to bike, bake, and meet up in parks. In our interactions, we believe respect and honesty go hand in hand, and prioritize both.
Semgrep is an equal-opportunity employer seeking a diverse range of backgrounds. We value who you are — including your cultural heritage, your socioeconomic status, your age, your race, your gender, your sexual orientation, your disabilities. We value what’s vitally important to you — your family, your religion, your politics. We value what you love in this world — your music, your weekend pursuits. We believe in welcoming varied professional backgrounds, educations, and interests. If you’re exceptional in your role, believe in Semgrep’s mission, and treat Semgrep’s values as your own, you belong here.
Please Note: For US-based roles open to remote work, we are currently able to hire employees in the following states only: Arizona, California, Colorado, Connecticut, District of Columbia, Florida, Georgia, Illinois, Maryland, Massachusetts, Michigan, Missouri, Nebraska, New Jersey, New York, North Carolina, Oregon, Tennessee, Texas, Virginia, Washington, and Wisconsin.
Semgrep, the leader in code security for builders, empowers invention without friction. Teams catch, flag, and fix real issues before they ship, powered by security that learns as they build. Semgrep secures code as it’s written and provides guardrails that pave the road for developers to move fast and stay secure. Built for builders and trusted by security, Semgrep lives where developers work, delivering fixes without breaking flow, and giving security teams visibility, control, and confidence. Semgrep gets smarter as you build, with AI that learns your context to cut false positives and prioritize reachable vulnerabilities, validated by 95% of security reviewers across 6M findings. Semgrep makes zero false positives a reality with AppSec teams triaging 80% fewer false positives across Code and Supply Chain, dramatically shrinking the backlog.
Founded in San Francisco and backed by Menlo Ventures, Felicis Ventures, Lightspeed Venture Partners, Redpoint Ventures, and Sequoia Capital, Semgrep is recognized by Gartner in Application Security Testing and is trusted by leading organizations, including Vanta, Lyft, and Dropbox. Learn more at semgrep.dev.
About The Role
You will lead the team of Security Researchers responsible for driving the coverage through rules for Secrets, Code, and Supply Chain: across all of our products. This team owns:
- Writing high-quality detection rules
- Advancing research and automation to make rule writing faster and more accurate
- Measuring and improving the overall quality and coverage of detections
You Will
- Hire, develop, and grow the team, cultivating a productive, engaging, diverse, and inclusive work environment that aligns with Semgrep's core values
- Work closely with product management, sales, and product development teams across all product lines
- Understand, measure, and elevate the velocity and quality of Semgrep detection rule delivery
- Prioritize your team’s work and schedules, balancing current product needs with strategic research that will help scale the team through AI and automation
- Contribute to the technical direction and to the research (depending on your profile)
- Directly impact the security posture of many customers by improving the quality of our detection
- 2 years experience as a People Manager
- 5 years experience as a Tech Lead in the Security space: App Sec Engineer, Security Researcher, Vulnerability Researcher, etc
- Comfortable working in a fast-paced environments where prototypes are rapidly iterated or discarded
- Comfortable tech leading and mentoring Security Researchers
- Excellent proactive communication skills, both verbal and written
- Fit in our low-ego high-impact culture
- Excitement about building for customers, iterating fast, and seeing solutions solve real developer problems
- Curiosity and a love of new technologies, especially AI/ML
- Comfortable writing code, especially in Python or Rust
- Improve and scale Semgrep’s automated pipelines for generating and validating high-confidence detection rules
- Lead a team to identify and analyze vulnerability patterns (CVEs or from first-principle) across languages and ecosystems, and turn those into detection rules. Example: Improve supply chain reachability product for a given language, Code product can report security issues that cross the Android JNI interfaces, etc.
- Put in place unified measurements for performance of detection to ensure the best quality across our customers
Compensation ranges are reviewed regularly and may be adjusted as the role, individual performance, or market conditions evolve.
What We Offer (FTE Only)
Our goal is to competitively and fairly compensate every Semgrep employee with a system that equally rewards those who are vocal and those who are less comfortable making demands during the final steps of the hiring process. To that end, we generate internal compensation bands that are used when discussing and negotiating salaries. We update these based on market data to make sure they’re above the average for comparable roles.
We invest in our employees’ well-being and long-term success through a competitive, market-aligned benefits program that meets or exceeds local market standards across all of the regions in which we hire. Benefits offerings vary by location to reflect local requirements and norms. For more detailed, location-specific information, please visit Semgrep Benefits.
Who We Are
We bring together people from a wide range of backgrounds and disciplines—from physics and philosophy to formal methods research and full-fledged corporations. We’re new parents and new grads, dog lovers and dogfooders. We get together often to bike, bake, and meet up in parks. In our interactions, we believe respect and honesty go hand in hand, and prioritize both.
Semgrep is an equal-opportunity employer seeking a diverse range of backgrounds. We value who you are — including your cultural heritage, your socioeconomic status, your age, your race, your gender, your sexual orientation, your disabilities. We value what’s vitally important to you — your family, your religion, your politics. We value what you love in this world — your music, your weekend pursuits. We believe in welcoming varied professional backgrounds, educations, and interests. If you’re exceptional in your role, believe in Semgrep’s mission, and treat Semgrep’s values as your own, you belong here.
Please Note: For US-based roles open to remote work, we are currently able to hire employees in the following states only: Arizona, California, Colorado, Connecticut, District of Columbia, Florida, Georgia, Illinois, Maryland, Massachusetts, Michigan, Missouri, Nebraska, New Jersey, New York, North Carolina, Oregon, Tennessee, Texas, Virginia, Washington, and Wisconsin.
Salary : $255,200 - $319,000