×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Software Engineer Full Stack Developer

Senior Full Stack Engineer, Software Composition Analysis

Job in New York City, Richmond County, New York, 10261, USA
Listing for: Semgrep
Full Time, Part Time position
Listed on 2026-01-12
Job specializations:
  • Software Development
    Software Engineer, Full Stack Developer
Salary/Wage Range or Industry Benchmark: 176000 USD Yearly USD 176000.00 YEAR
Job Description & How to Apply Below

Senior Full Stack Engineer, Software Composition Analysis

About Semgrep Our mission is to make world‑class software security available to everyone. This means building program analysis tools that are open source, easy to use, powerful, and fast. It also means building a team with security expertise and a passion for great developer experiences. Most of all, it means working with honesty and respect in a diverse community of dreamers and builders.

We’ve redefined static analysis tooling by committing to all of these, and turned our project, Semgrep, into an essential safeguard for code at Snowflake, Dropbox, and more.

About

The Role

As a full‑stack engineer on Semgrep’s Supply Chain team, you’ll build customer‑facing tools to help developers secure their software from vulnerabilities introduced by dependencies. Other supply chain management tools exist, but they produce far too much noise to be useful or efficient. Security teams may file through thousands of vulnerabilities, informing developers that hundreds of their dependencies have introduced critical vulnerabilities and need updating, when in reality they are not even using those dependencies in a vulnerable way.

Perhaps you’ve even felt this pain yourself! Our goal is to cut through the noise: to make it easy to find and remediate the 2% of vulnerabilities that are actually reachable given the way our customers’ use their dependencies. We work to make supply chain security as simple and intuitive for our users as possible so developers can focus on their own mission.

You’ll learn about the application‑security space, mentor more junior developers, collaborate with product managers and other engineers to create security tools our customers love, architect systems for storing and maintaining sensitive data, and help us surface those data back to our users to help them understand their individual security posture. Through Semgrep’s culture of transparency, you’ll see and influence the decisions that make a startup successful.

You

Will
  • Work on major product initiatives end‑to‑end, from user‑research through design, implementation, and deployment
  • Help set technical and product direction, collaborating with the team to determine the future of the product, what features to build, and how to build them
  • Learn from users to understand their needs, build products to help keep them secure, and work with them to help them scale their security programs
  • Advocate for and develop intuitive, simple, robust APIs that solve a wide variety of complex problems using simple, elegant abstractions
  • Ensure continual, high‑availability operation of services using modern site‑reliability practices, including participation in an on‑call rotation
  • Advise and mentor other engineers via thoughtful code reviews, planning discussions, technical documentation, and formal mentorship
You Are Ideal For This Role If You Have
  • 5+ years of experience writing production software and building web applications. Our stack includes Python, Typescript, and Postgres
  • Excitement about building for customers, learning their needs, iterating fast, and seeing your solutions solve their core problems
  • Excellent and proactive communication, both verbal and written
Some Examples Projects You Might Work On Include
  • Identify which of a user’s dependencies would fix the highest number of downstream vulnerabilities when upgraded
  • Build data flow and call graphs to determine whether vulnerabilities from transitive dependencies are even reachable from users’ code
  • Collect and expose health metrics on open source dependencies to help keep users’ software free of poorly maintained, low quality, and malicious packages
  • Flag vulnerable dependencies in developer IDEs as they are used and prevent them from ever making it to production

This position is preffered to go into an office 2‑3 days/week.

Compensation

Salary Range: $176,000‑207,000. Our compensation package includes equity and benefits in addition to salary. Please note that the range listed is for someone based in the San‑Francisco Bay Area.

What We Offer

Our goal is to competitively and fairly compensate every Semgrep employee with a system that equally rewards those…

Position Requirements
10+ Years work experience
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)

Job Posting Language
Employment Category
Education (minimum level)
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search