Senior Software Engineer - Static Analysis

Kai Cyber, Inc.

$130K — $180K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 7+ years of software engineering experience, including 4+ years in static analysis or related fields.
  • Deep understanding of control-flow and data-flow analysis concepts.
  • Hands-on experience with IRs, bytecode, ASTs, or relevant analysis pipelines.
  • Strong programming skills in Java, Go, C++, or similar languages.
  • Experience building scalable systems for large codebases, focusing on performance and reliability.
  • Ability to make technical decisions and drive design direction with minimal oversight.
  • Comfortable in a fast-moving startup environment.

Responsibilities

  • Own the technical direction of the static analysis platform across various complexity levels.
  • Define models for reachability and exploitability of vulnerabilities in code.
  • Establish analysis quality standards for complex real-world patterns and decide on solutions.
  • Lead initiatives for performance and scalability in enterprise-scale codebases.
  • Translate emerging security threat models into tangible analysis capabilities with security researchers.
  • Collaborate with platform engineers for actionable analysis results in production workflows.
  • Mentor engineers on program analysis and guide execution through technical reviews.

Benefits

  • Opportunity to influence the development of core analysis technologies.
  • Dynamic startup environment offering rapid professional growth.
  • Collaboration with security researchers to shape real-world application security.
  • Possibility to identify and champion innovative solutions with long-term impact.
Full Job Description

About the Role

We're looking for a Senior Software Engineer with deep experience in static analysis and systems engineering to own and evolve our core analysis platform.

At Kai, we build advanced static analysis technology that helps engineering and security teams determine which vulnerabilities are actually reachable and exploitable in production - not just flagged by dependency scans.

Our engine works at the IR and bytecode layers, tracing control flow and data flow across large codebases to cut false positives and improve how teams prioritize risk. We support Java and Go today, with analysis built for real-world complexity: reflection, indirect calls, dynamic dispatch, and cross-package flows.

In this role, you'll be a technical decision-maker on how that platform grows - shaping analysis architecture, defining what reachability and exploitability mean in practice, and balancing precision, coverage, and performance as we scale.

What You'll Bring

  • 7+ years of software engineering experience, with 4+ years in static analysis, program analysis, compiler infrastructure, or closely related domains.
  • Deep understanding of core program analysis concepts:
    • Control-flow and data-flow analysis
    • Call graph construction
    • Inter-procedural analysis
    • Taint tracking and reachability analysis
  • Hands-on experience working with IRs, bytecode, ASTs, or compiler/analysis pipelines - not just using tools, but understanding how analysis is built.
  • Strong programming skills in Java, Go, C++, or comparable systems/backend languages, with comfort working across analysis engine codebases.
  • Practical experience handling real-world language and runtime complexity - reflection, dynamic dispatch, indirect calls, and framework-specific behavior.
  • Experience building scalable analysis or backend systems for large, production codebases, with attention to performance and reliability.
  • Technical judgment and ownership - able to make architecture and trade-off decisions, drive design direction, and work effectively with minimal oversight.
  • Comfort operating in a fast-moving startup environment, balancing depth of analysis with shipping velocity and product impact.

Nice to Have

  • Deep experience with LLVM, MLIR, SSA-based analysis, or comparable compiler/analysis IRs - and judgment on when to build vs. integrate existing frameworks.
  • Background in application security or vulnerability analysis, with practical understanding of reachability, exploitability, and how security teams triage and remediate findings.
  • Experience building developer tooling, compilers, or security infrastructure at scale - where correctness, performance, and usability all matter.
  • Familiarity with program analysis research, with interest in applying academic advances to real-world codebases and product constraints.
  • Track record of technical leadership - architecture decisions, design reviews, mentoring, or driving cross-functional initiatives in complex engineering domains.


What You'll Do

You'll be a technical decision-maker on our static analysis platform: defining how we analyze code at scale, what "reachable" and "exploitable" mean in practice, and where we invest for accuracy, coverage, and performance.

  • Own the technical direction of our static analysis stack - from IR/bytecode analysis through inter-procedural CFG and data-flow systems - and make principled trade-offs between precision, scalability, and time-to-ship.
  • Define and evolve reachability and exploitability models for application and dependency vulnerabilities, aligning analysis outputs with how security teams prioritize and remediate risk.
  • Set standards for analysis quality across complex real-world patterns (reflection, dynamic dispatch, indirect calls, framework-specific behavior) and decide which gaps to solve with deeper analysis vs. heuristics vs. ecosystem integration.
  • Drive language and runtime expansion by evaluating coverage gaps, sequencing language support, and choosing the right abstractions so new languages don't require reinventing the core engine.
  • Lead performance and scalability initiatives for enterprise-scale codebases - profiling bottlenecks, shaping architecture for parallel/distributed analysis, and establishing measurable targets for throughput and resource use.
  • Partner with security researchers to translate emerging threat models and vulnerability classes into concrete analysis capabilities, test cases, and product requirements.
  • Collaborate with platform engineers on APIs, CI/CD integration, and developer workflows so analysis results are actionable in production pipelines - not just technically correct.
  • Guide engineering execution through design reviews, technical specs, and hands-on prototyping; mentor engineers on program analysis concepts and our analysis architecture.
  • Identify and champion patentable and foundational innovations that strengthen our long-term technical moat in code security analysis.
