Security Engineer

Team: Engineering
Location: San Francisco
Commitment: Full-time

why we're looking for you

Retool started as a way to address obstacles with internal tools and has grown into a company that solves internal tooling for thousands of companies, from one-person startups to S&P 500 enterprises. We’ve done a lot with a little: we have a growing engineering team and a laundry list of features and foundational improvements we want to tackle.

Retool aspires to be the single best way companies build internal tools. To achieve this goal, security is absolutely essential. Retool both handles our clients’ most sensitive data and offers a Turing-complete coding environment, so security is a core criterion for everything we build. We want you to provide the security expertise and firepower to earn our clients’ trust.

We’re looking for an experienced security engineer to found our security group, grow the security team, and mentor the engineering team to build world-class security into Retool products.

what you'll do

As our first dedicated security engineer, you will have a broad purview in your role.  Application security will be your top priority, but you may also work on infrastructure security (like IAM and the container runtime) or IT security (like employee endpoints and intra-corp SSO) as we continue to grow the team.  You will work with colleagues across the entire company, including senior leadership, to strengthen Retool’s security posture and design the future of Retool’s security team.

who you'll work with

Security is a collaborative practice. In addition to working closely with our infrastructure and ops team in day-to-day engineering work, you’ll work across the engineering organization to help the entire team deliver secure products and solutions. You will also work with go-to-market teams to provide security expertise on large deals, and with leadership across the organization to implement intra-company process changes where necessitated by security concerns.

in this role, you'll:

  • Triage and audit Retool’s existing security stance
  • Propose, prioritize, and implement new security engineering projects
  • Consult with other engineers to help design secure products
  • Consult with go-to-market teams and clients
  • Perform code reviews
  • Build automated security / code quality tools
  • Perform proactive penetration testing
  • Run Retool’s bug bounty program
  • Audit cross-org processes and implement changes to ensure the confidentiality and integrity of Retool and Retool client data
  • Conduct engineering interviews for new team members
  • Serve as the security domain expert for the company

you may be a good fit for this role if:

  • You have a track record of delivering security engineering projects and process improvements
  • You have a track record of building productive, collaborative relationships, both within an engineering org and across the broader company
  • You enjoy the ambiguity and high-ownership culture of early-stage startups
  • You are pragmatic, solution-oriented, and scrappy
  • You enjoy working collaboratively with a broad range of job functions and roles
  • You have experience with our tech stack: Node, Postgres, Azure, Docker, Kubernetes
  • You have built out a security team in the past