Claudio Merloni is a Security Research Manager based in the Greater Paris area with roughly eight years of focused experience in application security, static/dynamic analysis, and secure software development. He has progressed from hands-on roles—penetration testing, code review, forensics—to leading research teams at Semgrep, where he has significantly improved the Semgrep ruleset to catch SQLi, hardcoded secrets and other critical flaws. His background includes senior research at Synopsys and architecture and security leadership roles at HPE and Criteo, giving him a strong blend of product-minded security and enterprise risk expertise. Claudio is a published researcher and conference speaker (notably on Bluetooth malware and string analysis) and has contributed to OWASP guidance, reflecting a long-standing interest in practical, defensible tooling. An uncommon detail: he pairs deep technical research with creative training in orchestration for film and TV, hinting at a blend of analytical rigor and storytelling when communicating complex security findings.
8 years of coding experience
16 years of employment as a software developer
Orchestration for Film and TV, Orchestration for Film and TV at Berklee College of Music
Oracle Anti Hacker Training
Liceo Scientifico
FOSAD '04: 4th International School on Foundations of Security Analysis and Design
Master Computer Engineering, Master Computer Engineering at Politecnico di Milano
Semgrep Community Edition rules, maintained by Semgrep and the community. Free to use under the Semgrep Rules License.
Role in this project:
Security Engineer
Contributions:200 reviews, 37 commits, 267 PRs in 9 months
Contributions summary:Claudio primarily focused on enhancing the security of the Semgrep ruleset. Their contributions involved identifying and fixing vulnerabilities related to various programming languages and frameworks, specifically addressing issues such as SQL injection, cookie security, and hardcoded secrets. The user implemented new security rules, modified existing ones, and improved the accuracy of findings. Furthermore, the user worked on reducing the span of findings and addressing review comments to refine the overall rule set.
Open-source keyboard firmware for Atmel AVR and Arm USB families
Contributions:25 pushes, 5 branches in 2 years 8 months
rp2040nrf52840firmwareavratmel
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Claudio Merloni - Security Research Manager at Semgrep