Security Engineer

ABOUT RETOOL

Nearly every company in the world runs on custom software: Gartner estimates that up to 50% of all code is written for internal use. This is the operational software for refunding orders, underwriting loans, onboarding employees, analyzing transactions, and providing customer support. But most companies don’t have adequate resources to properly invest in these tools, leading to a lot of old and clunky internal software or, even worse, users still stuck in manual and spreadsheet flows.

At Retool, we’re on a mission to bring good software to everyone. We’re building a new type of development platform that combines the benefits of traditional software development with a drag-and-drop UI editor and AI, making it dramatically faster to build internal tools. We believe that the future of software development lies in abstracting away the tedious and repetitive tasks developers waste time on, while creating reusable components that act as a force multiplier for future developers and projects. The result is not just productivity, but good software by default. And that’s a mission worth striving for.

Today, our customers span from small startups building their first operational tools to Fortune 500 companies building mission-critical apps for thousands of users across their business. Interested in joining us? Let us know!

WHY WE’RE LOOKING FOR YOU

Retool aspires to be the single best way companies build internal tools, bringing good software to everyone. Central to this vision is an unwavering commitment to security. Retool both handles our clients’ most sensitive data and offers a Turing-complete coding environment, so security is a core criterion for everything we build. Bringing our customers a powerful coding environment demands nothing less than top-tier security across every inch of our product and platform — and here's exactly where your expertise comes into play.

We're looking for a generalist Security Engineer to build and maintain solutions that enhance the security, privacy, and impact of our products. There's no shortage of fascinating work that needs tackling, from security functions ranging from application security, to product security and cloud security. To strengthen Retool's security posture and shape the trajectory of our security team, you'll work closely with fellow engineers, cross-functional stakeholders, and senior leadership across the entire company.

IN THIS ROLE, YOU WILL:

• Work with the broader engineering organization on new projects and initiatives that improve the security and resilience of Retool
• Develop technical solutions to help mitigate security vulnerabilities, solve systematic security weaknesses, and product security features—you'll be writing code!
• Regularly perform technical security assessments, code audits, and design reviews.
• Drive evaluations to identify and remediate attack vectors against Retool products and platforms.
• Support in overseeing our pen-testing and bug bounty programs
• Assist in managing governance, risk, and compliance
• Deliver guidance and education to developers on best practices for security and privacy, aiming to prevent the creation of vulnerabilities
• Champion, promote, and advocate for security and secure practices throughout Retool

THE SKILLSET YOU'LL BRING:

• 5+ years of experience in security engineering or related fields, implementing secure, scalable software used across multiple teams
• Proficiency with Kubernetes, cloud platforms (e.g., Azure or AWS), Docker, and web security
• A proven track record in security architecture, building secure-by-design systems and scaling designs to accommodate a growing user base, while also safeguarding their data
• Dedication to facilitating productivity for product teams through secure architectural solutions combined with hands-on experience deploying features to business-critical production applications
• Enthusiasm for cross-functional collaboration, working with engineering, sales, people ops, finance, and more to drive impactful outcomes
• A keen ability to break down complex problems and lead cross-functional projects to robust solutions, with a focus on championing security initiatives and enhancing product security posture
• An empathetic approach to software engineering, actively identifying and mitigating potential vulnerabilities while mentoring and elevating the skills of fellow teammates
• Effective communication of threat models and risks to foster understanding and alignment across teams, while also demonstrating familiarity with communicating work through specifications or design documents