Security Engineer at Retool (W17)
Build internal tools fast.
San Francisco
About Retool

Retool's a fast way of building internal tools (to manage deliveries, for customer support, etc.). We just hit profitability, have raised money from some great investors, including John + Patrick Collison (Stripe), Elad Gil (Color), Nat Friedman (Github), Greg Brockman (OpenAI), etc. We're looking to scale our engineering team from 15 people to around 25 this year.

Our thesis is that all internal tools have the same building blocks (tables, textinputs, dropdowns, etc.). So Retool gives you those building blocks, which you can combine and compose to make any sort of internal tool you might want. That's a lot faster than writing the same custom code, over and over again. Here's a 3 minute demo.

Our actual goal - though - is to build the future of programming. We think building boring, internal enterprise apps represents most of programming. And if you can make building these boring things a lot faster, you have a good shot at becoming what "comes after programming languages".

About the role


Retool started as a way to address obstacles with internal tools and has grown into a company that solves internal tooling for thousands of companies, from one-person startups to S&P 500 enterprises. We’ve done a lot with a little–we have a growing engineering team and a laundry list of features and foundational improvements we want to tackle. 

Retool aspires to be the single best way companies build internal tools. To achieve this goal, security is absolutely essential. Retool both handles our clients’ most sensitive data and offers a Turing-complete coding environment, so security is a core criterion for everything we build. We want you to provide the security expertise and firepower to earn our clients’ trust.

We’re looking for an experienced security engineer to found our security group, grow the security team, and mentor the engineering team to build world-class security into Retool products.


As our first dedicated security engineer, you will have a broad purview in your role.  Application security will be your top priority, but you may also work on infrastructure security (like IAM and the container runtime) or IT security (like employee endpoints and intra-corp SSO) as we continue to grow the team.  You will work with colleagues across the entire company, including senior leadership, to strengthen Retool’s security posture and design the future of Retool’s security team.


Security is a collaborative practice.  In addition to working closely with our infrastructure and ops team in day-to-day engineering work, you’ll work across the engineering organization to help the entire team deliver secure products and solutions.  You will also work with go-to-market teams to provide security expertise on large deals.  You will also work with leadership across the organization to implement intra-company process changes where necessitated by security concerns.


  • Triage and audit Retool’s existing security stance
  • Propose, prioritize, and implement new security engineering projects
  • Consult with other engineers to help design secure products
  • Consult with go-to-market teams and clients
  • Perform code reviews
  • Build automated security / code quality tools
  • Perform proactive penetration testing
  • Run Retool’s bug bounty program
  • Audit cross-org processes and implement changes to ensure the confidentiality and integrity of Retool and Retool client data
  • Conduct engineering interviews for new team members
  • Serve as the security domain expert for the company


  • You have a track record of delivering security engineering projects and process improvements
  • You have a track record of building productive, collaborative relationships, both within an engineering org and across the broader company
  • You enjoy the ambiguity and high-ownership culture of early-stage startups.
  • You are pragmatic, solution-oriented, and scrappy
  • You enjoy working collaboratively with a broad range of job functions and roles
  • You have experience with our tech stack: Node, Postgres, Azure, Docker, Kubernetes
  • You have built out a security team in the past

Node, React, Typescript, Javascript, Docker, Kubernetes

Other jobs at Retool

fulltimeSan FranciscoFull Stack
fulltimeSan Francisco
fulltimeSan FranciscoFull Stack
fulltimeSan FranciscoRecruiter
fulltimeNew YorkFull Stack
fulltimeLondonFull Stack
fulltimeSan FranciscoFull Stack
fulltimeSan FranciscoFull Stack
fulltimeSan FranciscoFull Stack
fulltimeSan FranciscoFull Stack
fulltimeSan FranciscoFull Stack
fulltimeSan Francisco
fulltimeSan FranciscoRecruiter
fulltimeSan FranciscoFull Stack
fulltimeSan FranciscoFull Stack
fulltimeSan Francisco or New York / Remote3+ years
fulltimeSan FranciscoFull Stack
fulltimeSan FranciscoFull Stack
fulltimeSan FranciscoAny (new grads ok)
fulltimeNew YorkAny (new grads ok)
fulltimeSan FranciscoFull Stack
fulltimeSan Francisco or New York3+ years
fulltimeSan FranciscoAndroid3+ years

Hundreds of YC startups are hiring on Work at a Startup.

Sign up to see more ›