Engineering Manager, Security at Retool

WHY WE’RE LOOKING FOR YOU

Retool aspires to be the single best way companies build internal tools, bringing good software to everyone. Central to this vision is an unwavering commitment to security. Retool both handles our clients’ most sensitive data and is only as useful as our security strength, so security is a core criterion for everything we build. Bringing our customers a powerful building environment demands nothing less than top-tier security across every inch of our product and platform — and here's exactly where your expertise comes into play. We are looking for an Engineering Manager to lead our Security Engineering function, driving Retool's security roadmap, building a world-class team, and ensuring our enterprise customers trust us with their most critical applications and workflows.

In this role, you’ll lead the charge in defining and executing our security strategy. This is a hands-on leadership position where you’ll build and scale a team dedicated to safeguarding our platform and ensuring compliance with industry standards. You’ll work closely with cross-functional teams to integrate security practices across all areas of development and product management, and you’ll engage directly with GTM and our customers directly—especially our enterprise clients—to address their unique security needs. 

At Retool, we're not just building a product—we're building a company where security is foundational to everything we do. If you're passionate about leading a critical function in a dynamic, innovative environment, we'd love to hear from you. Join us in safeguarding the future of how companies build and operate with Retool.

IN THIS ROLE, YOU WILL:

• Own the Security Roadmap: Define, communicate, and execute on a strategic vision for security at Retool, ensuring we stay ahead of evolving threats and compliance requirements.
• Build and Lead a Team: Recruit, mentor, and manage a high-performing team of security engineers. You'll be responsible for identifying talent, defining team goals, and fostering a culture of excellence.
• Cross-Functional Collaboration: Partner closely with product, engineering, and design teams to embed security into every aspect of our product development lifecycle.
• Governance, Risk, Compliance: Support the team in driving our GRC efforts, working closely with Legal, IT, People, and GTM.
• Customer Engagement: Act as the face of Retool’s security for our enterprise customers. This includes addressing customer inquiries, guiding them through our security posture, and ensuring that their specific needs are met.
• Process Improvement: Introduce scalable, repeatable processes that enhance our ability to deliver secure, compliant, and robust software. You'll help shape how we approach security as we continue to grow.
• Security Advocacy: Educate and empower our teams with the knowledge and tools they need to incorporate security best practices into their work, driving a security-first mindset across the organization.

THE SKILLSET YOU'LL BRING: 

• Strong leadership experience in engineering-driven security, you’ve successfully managed and scaled security engineering teams, preferably within a fast-paced, high-growth environment.
• Strong product and application security experience, with emphasis on implementing security controls in a SaaS environment—you can develop and execute a security roadmap that aligns with business goals, making sure our security practices keep pace with our growth.
• While you won't be writing code every day, you have a deep understanding of security principles, architecture, and compliance. You’re comfortable navigating complex systems and can engage in technical discussions with your team.
• You can translate complex security concepts into clear, actionable information for non-technical stakeholders—you're customer-centric and understand the importance of security to our customers, especially in the enterprise space
• You excel at working across teams, breaking down silos, and driving a security agenda that is integrated into the broader product and engineering efforts—you know how to build strong partnerships internally with Product, Engineering, Technical Customer Experience, Legal, and other teams toward security goals.
• Ability to assess and analyze security risks comprehensively, considering both business impact and technical impact in order to prioritize risk remediation with consideration to business goals and objectives.
• You have extensive familiarity with industry regulations (e.g., GDPR, ISO 27001, NIST 800-53, Fedramp) and hands-on experience ensuring compliance, along with a deep understanding of security technologies, application security programs, common vulnerabilities like OWASP Top 10, and security tooling such as SAST, DAST, as well as other testing technologies.
• Experience in managing security vendors, ensuring they meet our rigorous standards, and in working closely with internal and external stakeholders to drive alignment and results.