Claudio Merloni

Security Research Manager at Semgrep

Greater Paris Metropolitan Region France
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts

Summary

🤩
Rockstar
🎓
Top School
Claudio Merloni is a Security Research Manager based in the Greater Paris area with roughly eight years of focused experience in application security, static/dynamic analysis, and secure software development. He has progressed from hands-on roles—penetration testing, code review, forensics—to leading research teams at Semgrep, where he has significantly improved the Semgrep ruleset to catch SQLi, hardcoded secrets and other critical flaws. His background includes senior research at Synopsys and architecture and security leadership roles at HPE and Criteo, giving him a strong blend of product-minded security and enterprise risk expertise. Claudio is a published researcher and conference speaker (notably on Bluetooth malware and string analysis) and has contributed to OWASP guidance, reflecting a long-standing interest in practical, defensible tooling. An uncommon detail: he pairs deep technical research with creative training in orchestration for film and TV, hinting at a blend of analytical rigor and storytelling when communicating complex security findings.
code8 years of coding experience
job16 years of employment as a software developer
bookOrchestration for Film and TV, Orchestration for Film and TV at Berklee College of Music
bookOracle Anti Hacker Training
bookLiceo Scientifico
bookFOSAD '04: 4th International School on Foundations of Security Analysis and Design
bookMaster Computer Engineering, Master Computer Engineering at Politecnico di Milano
languagesEnglish, French, Italian
github-logo-circle

Github Skills (20)

sql-injection10
static-analysis10
semgrep10
security10
program-analysis10
javascript9
python9
docker8
php8
dockers8
expressjs7
java7
ruby7
javas7
flask6

Programming languages (12)

TypeScriptHCLMDXShellRustCSolidityOCaml

Github contributions (5)

github-logo-circle
semgrep/semgrep-rules

Apr 2022 - Jan 2023

Semgrep Community Edition rules, maintained by Semgrep and the community. Free to use under the Semgrep Rules License.
Role in this project:
userSecurity Engineer
Contributions:200 reviews, 37 commits, 267 PRs in 9 months
Contributions summary:Claudio primarily focused on enhancing the security of the Semgrep ruleset. Their contributions involved identifying and fixing vulnerabilities related to various programming languages and frameworks, specifically addressing issues such as SQL injection, cookie security, and hardcoded secrets. The user implemented new security rules, modified existing ones, and improved the accuracy of findings. Furthermore, the user worked on reducing the span of findings and addressing review comments to refine the overall rule set.
securitysemgrepsemgrep-rulessemgrep-registryprogram-analysis
p4p3r/qmk_firmware

Feb 2021 - Nov 2023

Open-source keyboard firmware for Atmel AVR and Arm USB families
Contributions:25 pushes, 5 branches in 2 years 8 months
rp2040nrf52840firmwareavratmel
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Claudio Merloni - Security Research Manager at Semgrep