Our mission is to make world-class software security available to everyone. This means building program analysis tools that are open source, easy to use, powerful, and fast. It also means building a team with security expertise and a passion for great developer experiences. Most of all, it means working with honesty and respect in a diverse community of dreamers and builders. We’ve redefined static analysis tooling by committing to all of these, and turned our project, Semgrep, into an essential safeguard for code at Snowflake, Dropbox, and more.

As a CVE Analyst at r2c, you’ll help us build a new category of developer focused security tools to prevent security vulnerabilities. You will be joining the team that builds Semgrep Supply Chain, a high-signal dependency scanner that cuts through the noise of false positives by leveraging Semgrep’s first party code analysis. In this role, you will research open source vulnerabilities and write Semgrep rules to help secure our customers against the latest threats.

Along the way, you will work with a dedicated group of full stack developers, security researchers, program analysis experts, and infrastructure engineers. You will learn from senior security researchers who bring experience and wisdom from years running AppSec programs, working as security consultants, and discovering new CVEs. You will work with our clients’ security teams at companies ranging from early-stage startups to social-media giants, learning about their security philosophies. You’ll attend lunch and learns across the company - learning about everything from advanced type systems to product paradigms. As a CVE Analyst, you will get to talk directly to real customers who are using the rules you write - something that makes working at an early-stage startup unique!

Our goal is to competitively and fairly compensate every r2cer with a system that equally rewards those who are vocal and those who are less comfortable making demands during the final steps of the hiring process. To that end, we generate internal compensation bands that are used when discussing and negotiating salaries. We update these based on market data to make sure they’re above the average for comparable roles.

We also invest in our employees’ well-being and long term success with comprehensive health plans, generous vacation time, learning stipends, and more. Our benefits are for everyone, so that you’re taken care of, and we work with individuals to make sure they have what they need, whether that’s quiet work space, adjusted hours, or any other accommodation.

We have people from France and the Philippines, physics and philosophy, formal methods research and full fledged corporations. We’re new parents and new grads, aspiring authors and adrenaline addicts, dog lovers and dogfooders. We get together often to bike, bake, and meet up in parks. In our interactions, we believe respect and honesty go hand in hand, and prioritize both.

r2c is an equal-opportunity employer seeking a diverse range of backgrounds. We value who you are — including your cultural heritage, your socioeconomic status, your age, your race, your gender, your sexual orientation, your disabilities. We value what’s vitally important to you — your family, your religion, your politics. We value what you love in this world — your music, your weekend pursuits. We believe in welcoming varied professional backgrounds, educations, and interests. If you’re exceptional in your role, believe in r2c’s mission, and treat r2c’s values as your own, you belong here.

You will need working proficiency and communication skills in verbal and written English. We work as a hybrid on-site / remote organization. r2c primarily works in the Pacific, Eastern, and Central EU time zones.