Staff AI Product Engineer, Code

ABOUT SEMGREP Semgrep, the leader in code security for builders, empowers invention without friction. Teams catch, flag, and fix real issues before they ship, powered by security that learns as they build. Semgrep secures code as it’s written and provides guardrails that pave the road for developers to move fast and stay secure. Built for builders and trusted by security, Semgrep lives where developers work, delivering fixes without breaking flow, and giving security teams visibility, control, and confidence. Semgrep gets smarter as you build, with AI that learns your context to cut false positives and prioritize reachable vulnerabilities, validated by 95% of security reviewers across 6M+ findings. Semgrep makes zero false positives a reality with AppSec teams triaging 80% fewer false positives across Code and Supply Chain, dramatically shrinking the backlog. Founded in San Francisco and backed by Menlo Ventures, Felicis Ventures, Lightspeed Venture Partners, Redpoint Ventures, and Sequoia Capital, Semgrep is recognized by Gartner in Application Security Testing and is trusted by leading organizations, including Snowflake, Dropbox, and Figma. Learn more at semgrep.dev http://semgrep.dev. ABOUT THE ROLE As an AI product engineer on Semgrep’s Code team, you’ll apply cutting-edge AI/ML tools from industry leaders (e.g. OpenAI, Anthropic, Hugging Face, Amazon, Google) to build user-facing security tools that help developers write and ship secure software faster. Semgrep’s Code product improves the software developers create by identifying real vulnerabilities without slowing them down. Other security tools often overwhelm developers with noise, but we deliver actionable, accurate, and intuitive results. AI has already had a profound effect on how we can cut through that noise, and we believe it will unlock even more potential in the future. You’ll learn about the application-security space, mentor other engineers, collaborate with product managers, security researchers, and application developers, and shape features our customers love. Through Semgrep’s culture of transparency, you’ll see and influence the decisions that make a startup successful. Your work will be key to making Semgrep the world’s leading code analysis project and trusted security platform. YOU WILL: - Integrate AI platform APIs into the Code product - Develop and refine LLM prompt chains for real developer use cases - Experiment with the latest AI/ML advances and determine how they can be productized - Evaluate and fine-tune ML models using human- and machine-generated data - Learn directly from users to understand their needs and deliver features that help them secure their code - Work on major product initiatives end-to-end, from design and prototyping through implementation and deployment - Contribute to technical discussions, roadmap planning, and mentoring within the team YOU ARE IDEAL FOR THIS ROLE IF YOU HAVE: - 8+ years of experience writing production software - Curiosity and a love of new technologies, especially AI/ML - Experience experimenting with GPT-4/GPT-5, Codex, Claude, or other LLMs; familiarity with ML algorithms and applied research - Comfort working in a fast-paced environment where prototypes are rapidly iterated or discarded - Strong Python skills (experience with other languages a plus) - Interest in prompt engineering, embeddings, and vector databases - Excitement about building for customers, iterating fast, and seeing solutions solve real developer problems - Excellent and proactive communication skills, both verbal and written SOME EXAMPLE PROJECTS YOU MIGHT WORK ON INCLUDE: - Building new detection capabilities that utilize fast, deterministic static analysis technologies within an autonomous LLM-driven agentic code analysis pipeline - Identifying causes of and solving for non-determinism in model output - Generating real-time, AI-powered remediation guidance for vulnerabilities in developers’ own code - Automatically drafting secure code suggestions that align with project context and frameworks - Building and orchestrating purpose-built custom agents for evaluating and triaging code security risks - Enhancing the IDE experience with AI-assisted security insights and explanations - Experimenting with AI-powered rule generation to help customers expand and tailor their Code product usage COMPENSATION The estimated starting annual salary range for this position is $230,000 to $288,000 USDUSD. The actual base salary will be determined based on a number of factors, which may include job-related skills, relevant experience, qualifications, location, internal equity, and market data. In addition to base salary, total compensation may include equity, variable compensation, and benefits. We view equity as a meaningful part of our compensation philosophy and a way for employees to share in the long-term value they help create. Compensation ran