Application Security Engineer

Job description

WHY WE’RE LOOKING FOR YOU Retool handles our customers’ most sensitive data and provides a platform where they write and execute arbitrary code. The security surface that comes with that is large, nuanced, and genuinely interesting. As the platform grows and our customers’ trust in it deepens, the scope and ambition of our security program have grown with it. We’re looking for an Application Security Engineer who combines deep security fundamentals with real engineering execution. This is not a role for someone who audits from a distance or advises without getting their hands dirty. You’ll be in the code, spotting systemic patterns, and building the tooling and solutions that address them at scale. You’ll recognize when a one-off fix isn’t enough, synthesize what you’re seeing in the codebase, and work with engineering teams to make secure outcomes the default rather than the exception. You’ll need to understand the product deeply to secure it well: what customers build on Retool, where code executes, and how data flows. The security problems worth solving here live at the intersection of platform capability and customer trust, and your first team is the business, not just security...