Software Engineer Intern, Program Analysis

About Semgrep

Semgrep is on a mission to make it expensive to exploit software. As the team behind the most popular SAST, we built the Semgrep AppSec Platform to deliver industry-leading code, dependency, and secrets scanning to enable organizations to ship secure code quickly without slowing down development. 

With fast, customizable code analysis across large codebases, Semgrep helps teams catch vulnerabilities early and fix them faster. Leading companies like Snowflake, Plaid, Figma, Lyft, and Dropbox rely on Semgrep to secure their software.

Semgrep is funded by top investors, including Felicis Ventures, Lightspeed Venture Partners, Menlo Ventures, Redpoint Ventures, and Sequoia Capital.

About the role

As a software engineering intern at Semgrep, you’ll work with our developers, security engineers, and academic research partners to create a tool that empowers people to activate the standards that they care about for their code.

Along the way, you’ll learn how people write secure code that lasts, best practices in coding, and functional programming (yayyy!), as you meet developers and security professionals at organizations ranging from early-stage startups to social-media giants, and as you work with program analysis experts who are passionate about making developers’ lives easier.

As a member of our team, you’ll be treated with respect and high standards, just like anyone else here. You'll be a part of the decisions that make an early-stage startup successful and your work will be critical to our mission. Every feature you build will have a measurable impact on our users’ lives. We’re excited to see what you do.

Perhaps the best description of this internship comes from someone who has been where you will be. 

• Katrina Liu’s experience adding a new feature as a 2024 Intern
• Vivek Khimani’s experience as a 2022 intern from interviewing, onboarding to building a feature that is still in use today

You will:

• Design world-class pragmatic software analysis tools for security teams and developers
• Improve and develop new code analysis techniques (e.g. constant propagation, dataflow analysis) that provide developers with powerful but simple ways to find what they care about
• Contribute to everything from proprietary software to external open source parsers
• Learn from a peer mentor who will help navigate your internship to get what you want out of it and achieve success
• Talk to our users and work alongside security researchers to understand their needs

You are ideal for this role if you

• Find compilers, programming languages, or type theory interesting
• Have experience using a functional programming language (e.g. OCaml, Haskell)
• Are excited about software security and developer enablement
• Are able to work in our San Francisco office 5 days/week
• Are you available to start on either Tuesday, May 26th, 2026 or Tuesday, June 23rd, 2026

Some example projects our previous interns have worked on include

• Design a 1.0 syntax for Semgrep rules that is consistent and intuitive
• Implement a feature to search for variables of a specific type
• Autogenerate Semgrep rules from user-provided sample code
• Develop a solution for extracting and analyzing code embedded in other files, like bash scripts or StackOverflow pages
• Adding path-sensitivity dataflow support to our Pro engine

What we offer

• $2,400 per week for our 10-week full-time internship
• Close 1:1 mentorship from full-time engineers on the team
• Regular feedback from your team’s manager
• The opportunity to work in-person in our San Francisco office
• An intern cohort of peers

What we offer

Our goal is to competitively and fairly compensate every Semgrep employee with a system that equally rewards those who are vocal and those who are less comfortable making demands during the final steps of the hiring process. To that end, we generate internal compensation bands that are used when discussing and negotiating salaries. We update these based on market data to make sure they’re above the average for comparable roles.

We also invest in our employees’ well-being and long term success with comprehensive health plans, generous vacation time, 401k, learning stipends, and more. Our benefits are for everyone, so that you’re taken care of, and we work with individuals to make sure they have what they need, whether that’s quiet work space, adjusted hours, or something else.

Who we are

We have people from France and the Philippines, physics and philosophy, formal methods research and full fledged corporations. We’re new parents and new grads, aspiring authors and aspiring Americans, dog lovers and dogfooders. We get together often to bike, bake, and meet up in parks. In our interactions, we believe respect and honesty go hand in hand, and prioritize both.

Semgrep is an equal-opportunity employer seeking a diverse range of backgrounds. We value who you are — including your cultural heritage, your socioeconomic status, your age, your race, your gender, your sexual orientation, your disabilities. We value what’s vitally important to you — your family, your religion, your politics. We value what you love in this world — your music, your weekend pursuits. We believe in welcoming varied professional backgrounds, educations, and interests. If you’re exceptional in your role, believe in Semgrep’s mission, and treat Semgrep’s values as your own, you belong here.

Please Note: For US-based roles open to remote work, we are currently able to hire employees in the following states only: Arizona, California, Colorado, Connecticut, District of Columbia, Florida, Georgia, Illinois, Maryland, Massachusetts, Michigan, Missouri, Nebraska, New Hampshire, New Jersey, New York, North Carolina, Oregon, Tennessee, Texas, Virginia, and Washington.