Senior Software Engineer - Static Analysis

Kai is the AI company rebuilding cybersecurity for the machine-speed era. Founded by second-time founders and trusted by Fortune 500 enterprises, Kai is building a future where security has no categories, no silos, and no human speed bottlenecks. The Kai Autonomous Defense Platform replaces fragmented, human-limited workflows with agentic AI systems that continuously contextualize, assess, reason, and execute security work at machine speed, making human defenders superhuman.

Why Kai? 

  • Well-funded: $125M raised, with the capital, runway, and resolve to rebuild cybersecurity from first principles.
  • Proven: We've earned the trust of Fortune 500 and Global 2000 companies, and we're just getting started. Their confidence in Kai reflects what we've built: an AI-native cybersecurity platform that performs at machine speed with human-expert accuracy.
  • Experienced founders: Our founding team are second-time entrepreneurs, each with 20+ years in cybersecurity. They've built and scaled before, and they're doing it again with a bigger vision.
  • Competitive compensation: Highly competitive salary, meaningful equity, and a culture where your contributions are recognized and rewarded as we grow.

About the Role

We’re looking for a Senior Software Engineer with deep experience in static analysis and systems engineering to own and evolve our core analysis platform.

At Kai, we build advanced static analysis technology that helps engineering and security teams determine which vulnerabilities are actually reachable and exploitable in production - not just flagged by dependency scans.

Our engine works at the IR and bytecode layers, tracing control flow and data flow across large codebases to cut false positives and improve how teams prioritize risk. We support Java and Go today, with analysis built for real-world complexity: reflection, indirect calls, dynamic dispatch, and cross-package flows.

In this role, you’ll be a technical decision-maker on how that platform grows, shaping analysis architecture, defining what reachability and exploitability mean in practice, and balancing precision, coverage, and performance as we scale.

What You’ll Bring

  • 7+ years of software engineering experience, with 4+ years in static analysis, program analysis, compiler infrastructure, or closely related domains.
  • Deep understanding of core program analysis concepts:
    • Control-flow and data-flow analysis
    • Call graph construction
    • Inter-procedural analysis
    • Taint tracking and reachability analysis
  • Hands-on experience working with IRs, bytecode, ASTs, or compiler/analysis pipelines - not just using tools, but understanding how analysis is built.
  • Strong programming skills in Java, Go, C++, or comparable systems/backend languages, with comfort working across analysis engine codebases.
  • Practical experience handling real-world language and runtime complexity - reflection, dynamic dispatch, indirect calls, and framework-specific behavior.
  • Experience building scalable analysis or backend systems for large, production codebases, with attention to performance and reliability.
  • Technical judgment and ownership - able to make architecture and trade-off decisions, drive design direction, and work effectively with minimal oversight.
  • Comfort operating in a fast-moving startup environment, balancing depth of analysis with shipping velocity and product impact.

Nice to Have

  • Deep experience with LLVM, MLIR, SSA-based analysis, or comparable compiler/analysis IRs—and judgment on when to build vs. integrate existing frameworks.
  • Background in application security or vulnerability analysis, with practical understanding of reachability, exploitability, and how security teams triage and remediate findings.
  • Experience building developer tooling, compilers, or security infrastructure at scale—where correctness, performance, and usability all matter.
  • Familiarity with program analysis research, with interest in applying academic advances to real-world codebases and product constraints.
  • Track record of technical leadership - architecture decisions, design reviews, mentoring, or driving cross-functional initiatives in complex engineering domains.


What You’ll Do

You’ll be a technical decision-maker on our static analysis platform: defining how we analyze code at scale, what “reachable” and “exploitable” mean in practice, and where we invest for accuracy, coverage, and performance. 

  • Own the technical direction of our static analysis stack—from IR/bytecode analysis through inter-procedural CFG and data-flow systems—and make principled trade-offs between precision, scalability, and time-to-ship.
  • Define and evolve reachability and exploitability models for application and dependency vulnerabilities, aligning analysis outputs with how security teams prioritize and remediate risk.
  • Set standards for analysis quality across complex real-world patterns (reflection, dynamic dispatch, indirect calls, framework-specific behavior) and decide which gaps to solve with deeper analysis vs. heuristics vs. ecosystem integration.
  • Drive language and runtime expansion by evaluating coverage gaps, sequencing language support, and choosing the right abstractions so new languages don’t require reinventing the core engine.
  • Lead performance and scalability initiatives for enterprise-scale codebases—profiling bottlenecks, shaping architecture for parallel/distributed analysis, and establishing measurable targets for throughput and resource use.
  • Partner with security researchers to translate emerging threat models and vulnerability classes into concrete analysis capabilities, test cases, and product requirements.
  • Collaborate with platform engineers on APIs, CI/CD integration, and developer workflows so analysis results are actionable in production pipelines—not just technically correct.
  • Guide engineering execution through design reviews, technical specs, and hands-on prototyping; mentor engineers on program analysis concepts and our analysis architecture.
  • Identify and champion patentable and foundational innovations that strengthen our long-term technical moat in code security analysis.


Engineering

Remote (San Jose, CA, US)
