Security Engineer

San Francisco, CA, United States

ABOUT RETOOL:

Nearly every company in the world runs on custom software: Gartner estimates that up to 50% of all code is written for internal use. This is the operational software for refunding orders, underwriting loans, onboarding employees, analyzing transactions, and providing customer support. But most companies don't have adequate resources to properly invest in these tools, leading to a lot of old and clunky internal software or, even worse, users still stuck in manual and spreadsheet flows.

At Retool, we're on a mission to bring good software to everyone. We're building a new type of development platform that combines the benefits of traditional software development with a drag-and-drop UI editor and AI, making it dramatically faster to build internal tools. We believe that the future of software development lies in abstracting away the tedious and repetitive tasks developers waste time on, while creating reusable components that act as a force multiplier for future developers and projects. The result is not just productivity, but good software by default. And that's a mission worth striving for.

Today, our customers span from small startups building their first operational tools to Fortune 500 companies building mission-critical apps for thousands of users across their business. Interested in joining us? Let us know!

WHY WE'RE LOOKING FOR YOU

Retool aspires to be the single best way companies build internal tools, bringing good software to everyone. Central to this vision is an unwavering commitment to security. Retool both handles our clients' most sensitive data and offers a Turing-complete coding environment, so security is a core criterion for everything we build. Bringing our customers a powerful coding environment demands nothing less than top-tier security across every inch of our product and platform - and here's exactly where your expertise comes into play.

We're looking for a generalist Security Engineer to build and maintain solutions that enhance the security, privacy, and impact of our products. There's no shortage of fascinating work that needs tackling, from security functions ranging from application security, to product security and cloud security. To strengthen Retool's security posture and shape the trajectory of our security team, you'll work closely with fellow engineers, cross-functional stakeholders, and senior leadership across the entire company.

IN THIS ROLE, YOU WILL:

Work with the broader engineering organization on new projects and initiatives that improve the security and resilience of Retool

Develop technical solutions to help mitigate security vulnerabilities, solve systematic security weaknesses, and product security features-you'll be writing code!

Regularly perform technical security assessments, code audits, and design reviews.

Drive evaluations to identify and remediate attack vectors against Retool products and platforms.

Support in overseeing our pen-testing and bug bounty programs

Assist in managing governance, risk, and compliance

Deliver guidance and education to developers on best practices for security and privacy, aiming to prevent the creation of vulnerabilities

Champion, promote, and advocate for security and secure practices throughout Retool

THE SKILLSET YOU'LL BRING: 5+ years of experience in security engineering or related fields, implementing secure, scalable software used across multiple teams

Proficiency with Kubernetes, cloud platforms (e.g., Azure or AWS), Docker, and web security

A proven track record in security architecture, building secure-by-design systems and scaling designs to accommodate a growing user base, while also safeguarding their data

Dedication to facilitating productivity for product teams through secure architectural solutions combined with hands-on experience deploying features to business-critical production applications

Enthusiasm for cross-functional collaboration, working with engineering, sales, people ops, finance, and more to drive impactful outcomes

A keen ability to break down complex problems and lead cross-functional projects to robust solutions, with a focus on championing security initiatives and enhancing product security posture

An empathetic approach to software engineering, actively identifying and mitigating potential vulnerabilities while mentoring and elevating the skills of fellow teammates

Effective communication of threat models and risks to foster understanding and alignment across teams, while also demonstrating familiarity with communicating work through specifications or design documents

For candidates based in the United States, the annual base salary range is listed below. This salary range may be inclusive of several career levels at Retool and will be narrowed during the interview process based on a number of factors such as (but not limited to), scope and responsibilities, the candidate's experience and qualifications, and location.

Additional compensation in the form(s) of equity, and/or commission/bonuses are dependent on the position offered. Retool provides a comprehensive benefit plan, including medical, dental, vision, and 401(k). Pay and benefits are subject to change at any time, consistent with the terms of any applicable compensation or benefit plans.

United States pay range

$192,500-$254,700 USD

Retool offers generous benefits to all employees and hybrid work location. For more information, please visit the benefits and perks section of our careers page!

Retool is currently set up to employ all roles in the US and specific roles in the UK. To find roles that can be employed in the UK, please refer to our careers page and review the indicated locations.