Security Engineer

WHY WE’RE LOOKING FOR YOU

Retool aspires to be the single best way companies build internal tools, bringing good software to everyone. Central to this vision is an unwavering commitment to security. Retool both handles our clients’ most sensitive data and offers a Turing-complete coding environment, so security is a core criterion for everything we build. Bringing our customers a powerful coding environment demands nothing less than top-tier security across every inch of our product and platform — and here's exactly where your expertise comes into play. 

We're looking for a generalist Security Engineer to build and maintain solutions that enhance the security, privacy, and impact of our products. There's no shortage of fascinating work that needs tackling, from security functions ranging from application security, to product security and cloud security. To strengthen Retool's security posture and shape the trajectory of our security team, you'll work closely with fellow engineers, cross-functional stakeholders, and senior leadership across the entire company.

IN THIS ROLE, YOU WILL:

• Work with the broader engineering organization on new projects and initiatives that improve the security and resilience of Retool
• Develop technical solutions to help mitigate security vulnerabilities, solve systematic security weaknesses, and product security features—you'll be writing code! 
• Regularly perform technical security assessments, code audits, and design reviews.
• Drive evaluations to identify and remediate attack vectors against Retool products and platforms.
• Support in overseeing our pen-testing and bug bounty programs
• Assist in managing governance, risk, and compliance 
• Deliver guidance and education to developers on best practices for security and privacy, aiming to prevent the creation of vulnerabilities
• Champion, promote, and advocate for security and secure practices throughout Retool

THE SKILLSET YOU'LL BRING:

• 5+ years of experience in security engineering or related fields, implementing secure, scalable software used across multiple teams
• Proficiency with Kubernetes, cloud platforms (e.g., Azure or AWS), Docker, and web security
• A proven track record in security architecture, building secure-by-design systems and scaling designs to accommodate a growing user base, while also safeguarding their data
• Dedication to facilitating productivity for product teams through secure architectural solutions combined with hands-on experience deploying features to business-critical production applications
• Enthusiasm for cross-functional collaboration, working with engineering, sales, people ops, finance, and more to drive impactful outcomes
• A keen ability to break down complex problems and lead cross-functional projects to robust solutions, with a focus on championing security initiatives and enhancing product security posture
• An empathetic approach to software engineering, actively identifying and mitigating potential vulnerabilities while mentoring and elevating the skills of fellow teammates
• Effective communication of threat models and risks to foster understanding and alignment across teams, while also demonstrating familiarity with communicating work through specifications or design documents