About Semgrep
What is Semgrep?
Semgrep is a code-security company on a mission "to make it expensive to exploit software." Founded in San Francisco in 2017 by Drew Dennison, Isaac Evans and Luke O'Malley, Semgrep builds the team behind the most popular SAST (static application security testing) tool. The Semgrep AppSec Platform performs static analysis across 40+ coding languages, scanning for vulnerabilities, hardcoded secrets and supply-chain risks so teams "catch, flag, and fix real issues before they ship." The platform "lives where developers work, delivering fixes without breaking flow," with AI that learns each codebase to cut false positives. Semgrep is recognized by Gartner in Application Security Testing and is backed by Menlo Ventures, Felicis, Lightspeed, Redpoint and Sequoia.
Where will I work?
Semgrep is hybrid-first, with co-located teams centered in hubs in San Francisco (its headquarters), New York, Boston, Denver and London. Most hybrid roles ask for two to three days a week in a hub office (for example, "a minimum of 2 days a week in our SF office," or "Hybrid (3 days/week) out of one of our hub locations: Boston, Denver, NYC, SF"). A subset of roles are fully remote within specific US states. Semgrep frames its model around values over real estate: "our culture is more about what we value, who we bring on board, and the quality of our work rather than just being stuck in the same office space."
What is the Semgrep team like?
Semgrep "bring[s] together people from a wide range of backgrounds and disciplines—from physics and philosophy to formal methods research." The team gets together often "to bike, bake, and meet up in parks," and prizes respect and honesty. Its values guide daily work — "Be audacious" ("What can go right?"), "Do it fast," "Relentlessly improving," "Users are the judge," and "Embrace debate" ("we believe in passionate, productive discussion and debate around ideas").
Work-Life Balance
Semgrep pairs an unlimited-PTO policy with an explicit nudge to actually use it: "We work hard so it's important to recharge. Time off is mandated and at least 3+ weeks is encouraged." The company carries a "2025 Best Places to Work" badge on its site. While the culture emphasizes urgency ("Do it fast"), it balances that with a deliberate recharge expectation and a hybrid model that gives people flexibility.
Perks and Benefits
Semgrep invests "in our employees' well-being and long-term success through a competitive, market-aligned benefits program." Core benefits include comprehensive health, dental and vision plans for employees and dependents; unlimited PTO with 3+ weeks encouraged; retirement plans including a 401(k); and equity, which Semgrep views "as a meaningful part of our compensation philosophy." Compensation packages combine base salary with equity and variable compensation, and teams connect through regular gatherings.