Software Engineer, Program Analysis

San Francisco, CA
r2c
r2c is a software security startup, founded with a mission to profoundly improve software security and reliability to safeguard human progress. We make modern static analysis purpose-built for CI/CD. The team includes security engineers and researchers from NCC Group, Facebook, Palantir, and Duo Security. We value impactful, mission-focused work performed in a culture of honesty and mutual respect.

You'll be an early program analysis engineer working with our designers, developers, and academic research partners to create a platform that brings together program analysis authors with people who review and fix issues in open source software.

We take an empirical approach to product development, proposing experiments and rigorously validating our ideas. We believe in building each other up and 'yes and...' conversations! You’ll have the opportunity to meet with users and set the direction of the product here.

Responsibilities

    • Design and help build world-class pragmatic software analysis tools for the security and developer users
    • Identify the most meaningful issues affecting today’s developers: security vulnerabilities, performance bugs, and functional faults
    • Craft high quality tools and checks to discover and fix these issues in our users’ codebases
    • Develop systems or frameworks (e.g. linters, analysis tools, and other developer-workflow integrations) that help other engineers improve security

Example projects you might work on

    • Extend the capabilities of Semgrep (a semantic-grep, see https://semgrep.dev/) to support more complex patterns or to handle more programming languages
    • Implement from scratch a parser for a new language (e.g., extend https://github.com/returntocorp/pfff )
    • Refine generic ASTs to support more programming languages
    • Implement dataflow analysis to find bugs
    • Use Datalog to implement complex and novel program analysis (pointer analysis, taint tracking, SQL injection detection)

Minimum Requirements

    • BS degree in Computer Science, similar technical field of study, or equivalent practical experience
    • Extensive experience with functional languages like OCaml, Haskell, or Scala
    • Experience in one dynamic language like Python, Ruby, Javascript, or PHP
    • Familiarity with program analysis and transformation concepts and tools, e.g. SSA, LLVM IR, taint tracking
    • Interests in compilers, programming languages, functional programming, or program analysis
    • Passion for software security
    • Remote-friendly
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability status, or any other basis covered by appropriate law.

Working proficiency and communication skills in verbal and written English and being authorized to work in the US are required.