Back to jobs

Staff Security Advocate

Remote

About Semgrep

Semgrep is on a mission to make it expensive to exploit software. As the team behind the most popular SAST, we built the Semgrep AppSec Platform to deliver industry-leading code, dependency, and secrets scanning to enable organizations to ship secure code quickly without slowing down development. 

With fast, customizable code analysis across large codebases, Semgrep helps teams catch vulnerabilities early and fix them faster. Leading companies like Snowflake, Plaid, Figma, Lyft, and Dropbox rely on Semgrep to secure their software.

Semgrep is funded by top investors, including Felicis Ventures, Lightspeed Venture Partners, Menlo Ventures, Redpoint Ventures, and Sequoia Capital.

About the role

The Semgrep Security Advocacy team drives awareness and preference for Semgrep within both application security and software development communities. A Security Advocate will educate teams on secure coding, activate them through delightful product onboarding experiences, and encourage community champions to become force-multipliers that amplify our messages. We work extremely hard but also bring the fun to cross-functional.

Location expectations:

  • This role is remote friendly, with some travel expected. 

Prior experience in a fast-paced, tech environment is helpful, but we are more interested in your curiosity and passion for learning and technical skills than your pedigree. So if this opportunity excites you but you don’t meet the exact requirements, apply anyway!

What you’ll do

Security Research & Thought Leadership

  • Partner with security researchers to investigate emerging security trends and patterns, transforming complex findings into easily understandable and actionable insights that resonate with security and developer audiences.
  • Build and maintain credibility as a trusted security voice by publishing original research, proof-of-concepts, and detailed analysis.

Content Creation

  • Amplify discoveries and messages through compelling story narratives and real-world demonstrations.
  • Address critical security education gaps within developer and security ecosystems.
  • Produce high-impact technical content including conference presentations, in-depth blog posts, video tutorials, and short-form community engagement on social channels and forums.

Community Building & Evangelism

  • Establish Semgrep as the go-to solution for secure coding by engaging authentically with security practitioners and software development teams wherever they are.
  • Lead technical workshops and hands-on training sessions that demonstrate practical security risks and remediation using Semgrep tools.
  • Cultivate relationships with other influencers within DevSecOps and AppSec communities to expand your reach and gather intelligence.
  • Support internal teammates to be the best version of themselves by sharing your knowledge and best practices across functions.

Product Feedback Loop

  • Serve as the voice of the community within Semgrep, translating user pain points and opportunities into product enhancement opportunities.
  • Support engineering and product teams to beta test and provide comprehensive user experience feedback.

You are ideal for this role if you have

Technical Security Expertise

  • 8+ years of hands-on keyboard experience identifying, analyzing, and remediating security vulnerabilities across web applications, cloud infrastructure, and APIs.
  • Proven track record of security research contributions such as CVE discoveries, security advisories, or published research.
  • Deep understanding of OWASP Top 10, secure coding practices, and common vulnerability classes as well as application security testing methodologies (SAST, DAST, IAST) with familiarity of strengths and limitations.

Software Development & Tools

  • Strong programming skills in multiple languages commonly used in enterprise development (Python, JavaScript, Java, Go, etc.).
  • Experience with modern development workflows and methodologies including CI/CD pipelines, containerization, infrastructure as code, cloud deployment, and generative AI.

Communication & Advocacy Skills

  • Ability to translate complex technical concepts into business value or user-friendly explanations.
  • Exceptional written and verbal communication abilities with a portfolio of technical content delivered to technical audiences.
  • Proven public speaking experience at industry conferences, meetups, or similar events.
  • Experience building and nurturing technical communities through contributions, organization, and online engagement.
  • Be able to speak with compassion and empathy to everybody from the CTO/CISO to Software Developer/Intern/Security Engineer.
  • Previous developer relations role such as a developer advocate, technical evangelist, or similar public-facing community position.

Compensation

Salary Range: $147,500 - $199,500

Our compensation package includes equity and benefits in addition to salary.

Please note that the range listed is for someone based in the San Francisco Bay Area.

What we offer

Our goal is to competitively and fairly compensate every Semgrep employee with a system that equally rewards those who are vocal and those who are less comfortable making demands during the final steps of the hiring process. To that end, we generate internal compensation bands that are used when discussing and negotiating salaries. We update these based on market data to make sure they’re above the average for comparable roles.

We also invest in our employees’ well-being and long term success with comprehensive health plans, generous vacation time, 401k, learning stipends, and more. Our benefits are for everyone, so that you’re taken care of, and we work with individuals to make sure they have what they need, whether that’s quiet work space, adjusted hours, or something else.

Who we are

We have people from France and the Philippines, physics and philosophy, formal methods research and full fledged corporations. We’re new parents and new grads, aspiring authors and aspiring Americans, dog lovers and dogfooders. We get together often to bike, bake, and meet up in parks. In our interactions, we believe respect and honesty go hand in hand, and prioritize both.

Semgrep is an equal-opportunity employer seeking a diverse range of backgrounds. We value who you are — including your cultural heritage, your socioeconomic status, your age, your race, your gender, your sexual orientation, your disabilities. We value what’s vitally important to you — your family, your religion, your politics. We value what you love in this world — your music, your weekend pursuits. We believe in welcoming varied professional backgrounds, educations, and interests. If you’re exceptional in your role, believe in Semgrep’s mission, and treat Semgrep’s values as your own, you belong here.

Apply for this job

*

indicates a required field

Resume/CV

Accepted file types: pdf, doc, docx, txt, rtf

Cover Letter

Accepted file types: pdf, doc, docx, txt, rtf

Select...

Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in Semgrep’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

Select...
Select...
Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Select...

Voluntary Self-Identification of Disability

Form CC-305
Page 1 of 1
OMB Control Number 1250-0005
Expires 04/30/2026

Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

  • Alcohol or other substance use disorder (not currently using drugs illegally)
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
  • Blind or low vision
  • Cancer (past or present)
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or serious difficulty hearing
  • Diabetes
  • Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
  • Epilepsy or other seizure disorder
  • Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
  • Intellectual or developmental disability
  • Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
  • Missing limbs or partially missing limbs
  • Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
  • Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
  • Partial or complete paralysis (any cause)
  • Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
  • Short stature (dwarfism)
  • Traumatic brain injury
Select...

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.