Senior AI Product Engineer
About Semgrep
Semgrep is on a mission to make it expensive to exploit software. As the team behind the most popular SAST, we built the Semgrep AppSec Platform to deliver industry-leading code, dependency, and secrets scanning to enable organizations to ship secure code quickly without slowing down development.
With fast, customizable code analysis across large codebases, Semgrep helps teams catch vulnerabilities early and fix them faster. Leading companies like Snowflake, Plaid, Figma, Lyft, and Dropbox rely on Semgrep to secure their software.
Semgrep is funded by top investors, including Felicis Ventures, Lightspeed Venture Partners, Menlo Ventures, Redpoint Ventures, and Sequoia Capital.
About the role
As an AI product engineer on Semgrep's supply chain team, you'll apply cutting-edge AI/ML tools from industry leaders (e.g. OpenAI, Anthropic, Hugging Face, Amazon, Google) to build solutions that deliver compounding value for developers.
Semgrep’s supply chain product team builds customer-facing tools to help developers secure their software from vulnerabilities introduced by dependencies. Other supply chain management tools exist, but they produce far too much noise to be useful or efficient. Security teams may file through thousands of vulnerabilities, informing developers that hundreds of their dependencies have introduced critical vulnerabilities and need updating, when in reality they are not even using those dependencies in a vulnerable way. Perhaps you’ve even felt this pain yourself!
Our goal is to cut through the noise: to make it easy to find and remediate the 2% of vulnerabilities that are actually reachable given the way our customers’ use their dependencies. We work to make supply chain security as simple and intuitive for our users as possible so developers can focus on their own mission. AI has had a profound effect on Semgrep’s ability to cut through the noise so far, and it will likely unlock more potential in the future.
You'll help shape Semgrep into a world-leading static-analysis project while learning about application security, mentoring junior engineers, collaborating on customer-loved tools, architecting data systems, and helping users understand their security posture. Through Semgrep's culture of transparency, you'll see and influence the decisions that make a startup successful.
You will:
- Integrate AI platform APIs into the product
- Develop prompt chains for LLMs
- Experiment with the latest technology advances and understand how they can be leveraged into the product
- Train and fine-tune the ML models using human and machine-generated data
- Learn from users to understand their needs, build products to help keep them secure, and work with them to help them scale their security programs
- Work on major product initiatives end-to-end, from user-research through design, implementation, and deployment
- Ensure continual, high-availability operation of services using modern site-reliability practices, including participation in an on-call rotation
You are ideal for this role if you have:
- 5+ years of experience writing production software
- Curiosity and a love of new technologies
- Experience hacking with GPT-4, Codex, or other LLMs. Experience with ML algorithms and/or research.
- Experience working in a startup or fast-paced environment, comfortable with discarding prototypes often
- Comfortable with coding in Python
- Interest in prompt engineering and vector databases
- Excitement about building for customers, learning their needs, iterating fast, and seeing your solutions solve their core problems
- Excellent and proactive communication, both verbal and written
Some examples projects you might work on include:
- Identify breaking changes between different package versions according to customers’ usage of a dependency
- Provide actionable remediation guidance for vulnerabilities in third-party dependencies
- Identify which of a user’s dependencies would fix the highest number of downstream vulnerabilities when upgraded
- Collect and expose health metrics on open source dependencies to help keep users’ software free of poorly maintained, low quality, and malicious packages
Compensation
Salary Range: $176,000 - $207,000
Our compensation package includes equity and benefits in addition to salary.
Please note that the range listed is for someone based in the San Francisco Bay Area.
What we offer
Our goal is to competitively and fairly compensate every Semgrep employee with a system that equally rewards those who are vocal and those who are less comfortable making demands during the final steps of the hiring process. To that end, we generate internal compensation bands that are used when discussing and negotiating salaries. We update these based on market data to make sure they’re above the average for comparable roles.
We also invest in our employees’ well-being and long term success with comprehensive health plans, generous vacation time, 401k, learning stipends, and more. Our benefits are for everyone, so that you’re taken care of, and we work with individuals to make sure they have what they need, whether that’s quiet work space, adjusted hours, or something else.
Who we are
We have people from France and the Philippines, physics and philosophy, formal methods research and full fledged corporations. We’re new parents and new grads, aspiring authors and aspiring Americans, dog lovers and dogfooders. We get together often to bike, bake, and meet up in parks. In our interactions, we believe respect and honesty go hand in hand, and prioritize both.
Semgrep is an equal-opportunity employer seeking a diverse range of backgrounds. We value who you are — including your cultural heritage, your socioeconomic status, your age, your race, your gender, your sexual orientation, your disabilities. We value what’s vitally important to you — your family, your religion, your politics. We value what you love in this world — your music, your weekend pursuits. We believe in welcoming varied professional backgrounds, educations, and interests. If you’re exceptional in your role, believe in Semgrep’s mission, and treat Semgrep’s values as your own, you belong here.
Apply for this job
*
indicates a required field