Senior Program Analysis Engineer, Semgrep Analysis Foundations

As a member of the Semgrep Analysis Foundations team, you’ll own the code analysis that underlies our products, doing whatever is needed to make it work seamlessly for our users. You’ll help Semgrep scan ever-larger repositories, run in environments ranging from continuous integration containers to developer IDEs, understand the semantics of a wide range of programming languages, and build for different operating systems. All the while, you’ll ensure we release improvements frequently and painlessly, supporting our culture of fast experimentation. Through Semgrep’s culture of transparency, you’ll see and influence the decisions that make a startup successful. Your decisions will be key to making Semgrep a world-leading static-analysis project, giving you lasting influence not only at Semgrep, but in the world’s developer community.

You will:

• Optimize Semgrep's core analysis engine for performance, memory efficiency, and scalability across repositories of all sizes
• Ensure that our changes are released frequently and reliably through a number of distribution methods, including pip, homebrew, and docker
• Build tooling that allows us to support our users more effectively when they encounter problems
• Make fundamental improvements to Semgrep's static analysis capabilities that allow it to integrate effectively with other analysis techniques (exploit verification, LLM contextualization) that together produce extremely high-signal security results
• Advocate for architectural decisions that make our code easy to reason about and allow us to scale with an exponentially growing number of users
• Help set the technical roadmap for our foundational analysis, listening to our users as well as program analysis engineers and security researchers across the company
• Advise and mentor other engineers via thoughtful code reviews, planning discussions, technical documentation, and formal mentorship

You are ideal for this role if you have:

• Interest in code analysis. If you’ve ever spent time studying how your interpreter, compiler, linter, or garbage collector works, come work with us!
• Experience owning the success of a critical service with a large and exponentially growing number of users, particularly its performance and reliability, with the help of frameworks like Opentelemetry
• Experience building OCaml applications for multiple operating systems, such as Linux, Apple Silicon, and Windows, including in CI environments
• Passion for shipping quickly and safely, caring deeply about solving real problems for our users and allowing them to depend on us
• Excellent and proactive communication, both verbal and written

Some examples projects you might work on include:

• Profile and optimize Semgrep's core analysis algorithms to achieve 10x performance improvements on large codebases
• Improve our observability tooling to reduce the time taken to identify the root cause of performance issues and analysis bugs
• Build a comprehensive performance testing platform that catches regressions and validates optimizations across diverse codebases
• Implement memory-efficient data structures and caching strategies to handle enterprise-scale repositories
• Streamline OCaml build processes and dependency management to reduce compilation times and improve developer experience
• In partnership with our Managed Scanning team, propose and lead the implementation of a release process that reduces release cycles from weekly to daily or continuously for most users

Salary Range: $176,000-207,000 USD

Our compensation package includes equity and benefits in addition to salary.

Please note that the range listed is for someone based in the San Francisco Bay Area.