is making software truly searchable, allowing deep meaningful questions to be answered, and insights to be shared. Our technology treats code as data, and by combining deep semantic code search with program analysis, we enable you to explore your code at scale in order to find bugs and real vulnerabilities.
As a Program Analysis Software Engineer, you will be part of a team of code analysis and compiler experts working to redefine what’s possible through static analysis and variant analysis
. We perform advanced analysis on the world’s most commonly used programming languages and our results come from a mix of cutting-edge theory and practical adaptation.
In the role you will:
- Devise and implement complex data models to analyze program control flow and data flow, using the latest research techniques.
- Use Semmle QL, our own declarative logic programming language, to develop sophisticated analyses for code quality issues.
- Ensure that we support the latest tools, language features and compilers of the key programming languages we support.
- Collaborate with the Semmle Security Research team, and with Semmle’s customers, to create the best analysis libraries possible.
Much of your work will be out in the open, and will directly benefit hundreds of thousands of open source projects via LGTM.com
; our community-driven security analysis platform that empowers developers to ship secure code.Requirements
The main thing we look for in candidates is intelligence and the ability to learn. We are interested in talking to people at any point in their career: from Interns to Seniors and above.
- A strong foundation in Computer Science (BSc, MSc, PhD or equivalent practical experience).
- Experience of (at least one of the following): Program analysis, static analysis, compiler construction or formal verification techniques.
- Programming language design and implementation.
- An interest and experience in compilers and compiler construction (e.g. GCJ, Clang, LLVM, GCC, Rosyln, ECJ, Wind River, EDG, Gc, PyPy etc.)
- Query languages; query optimisation; code generation
- Abstract interpretation; formal verification; Partial evaluation.
- Static analysis; dynamic analysis; control flow; data flow and information flow; security analysis; program transformation; taint analysis; taint tracking.
- Logic programming / Declarative Programming (e.g. Prolog, Datalog).
We believe security is a shared responsibility
. Our mission is to secure all software by bringing the security and development communities together.
Our technology scales any organization's security expertise using QL
to quickly explore any codebase to discover new vulnerabilities and all their variants. We empower product security teams to deliver variant analysis results to development teams using LGTM
to ship safe code and protect their customers. Together, Semmle's platform enables the security community to collaborate and share their expertise in the field of variant analysis and security research. Our technology is free to use on open source projects using LGTM.com platform. At the time of writing, analysis results for over 135,000 projects are publicly available on LGTM.com.
Security and software engineering teams at Google, Microsoft, NASA, Nasdaq and Uber depend on Semmle to secure their code. Headquartered in San Francisco, Semmle is a privately held company funded by Accel, with additional offices in Oxford, Copenhagen, New York City, Seattle, and Valencia.
How do you apply?
Semmle aims to hire outstanding people who have a diversity of perspectives, ideas and cultures. We actively support diversity and inclusion in the workplace and are committed to equal employment opportunity regardless of race, colour, ancestry, religion, sex, national origin, sexual orientation, gender identity, age, citizenship, marital status or disability status.
Please complete the following form to apply or feel free to get in touch with Zac Wallis at firstname.lastname@example.org
for more information.