Gem

Application Security Engineer

$231K — $318K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5+ years of hands-on experience in application security and security engineering, with a focus on building rather than just assessing solutions.
  • Proven ability to operate independently while exercising good judgment in a dynamic environment.
  • Strong communication skills that foster trust and clarity with engineering teams regarding security matters.
  • A history of shipping effective security tooling or automation that benefits multiple teams.
  • Deep technical expertise in code review and the ability to identify and address bugs effectively.
  • Proficiency in TypeScript and Python, essential for working on Retool's platform and security tools.
  • Solid foundations in AppSec, including threat modeling and understanding of vulnerability classes with a focus on durable solutions.

Responsibilities

  • Identify and rectify systemic security gaps in engineering workflows, ensuring durable solutions are implemented.
  • Develop security tools and automation to manage vulnerabilities, prioritizing proactive issue resolution.
  • Conduct comprehensive code and security design reviews to gauge architectural tradeoffs effectively.
  • Lead threat modeling for new features, translating security needs into actionable guidance for developers.
  • Adapt the security approach to fit the evolving landscape of AI-assisted development within the company.
  • Manage the tracking and remediation of vulnerabilities alongside product engineering, and take part in penetration testing and bug bounty efforts.

Benefits

  • Comprehensive medical, dental, and vision insurance.
  • 401(k) retirement plan with company match.
  • Hybrid work location offering flexibility.
  • Equity compensation options based on role.
  • A supportive work environment that fosters individual development.

Full Job Description
IN THIS ROLE, YOU WILL:

  • Identify systemic security gaps in our codebase and engineering workflows, and work with engineering teams to design and ship durable solutions; you'll drive solutions, not just surface problems
  • Build security tooling, automation, and code-level controls that address whole classes of vulnerabilities, including custom linters, static analysis rules, and automated checks, shifting detection left so issues are caught early rather than one at a time or after they've reached production
  • Conduct in-depth code reviews and security design reviews for significant product initiatives, with the technical depth to engage meaningfully with architectural tradeoffs rather than just flag issues for others to resolve
  • Drive threat modeling and security assessments for new features, and translate security requirements into practical engineering guidance that developers can actually act on
  • Contribute to the team's evolving approach to security as AI-assisted development scales internally, including how faster and higher-volume code production changes how we find, prioritize, and fix risks
  • Triage, track, and drive remediation of vulnerabilities with product engineering teams, and contribute to our penetration testing and bug bounty programs
THE SKILLSET YOU'LL BRING:

  • 5+ years of hands-on experience in application security and security engineering: you've built things, not only assessed them, and your background is not mainly consulting, audit, or compliance work
  • The ability to operate independently with good judgment in a fast-moving environment: you prioritize well by understanding the needs of the business and our shared objectives, make calls with incomplete information, and know when to move fast versus when to slow down and get it right, or escalate and ask for help
  • Communication that earns trust: you can make security legible to engineers without being preachy, and you measure your impact by how well you've supported the business, not by how many issues you catalogued
  • A track record of shipping security tooling or automation that improved things for more than one team
  • Genuine engineering depth: you can read, reason about, and review code at the level needed to find real bugs and understand their root causes, not just pattern-match to a checklist
  • Comfort working in TypeScript and Python: Retool's platform is built in TypeScript and our security tooling leans on Python; you'll need to be productive in both, not just conversant
  • Strong AppSec fundamentals: threat modeling, secure code review, a working understanding of common vulnerability classes and, importantly, how to address them durably rather than symptomatically
  • A pragmatic, signal-oriented relationship with AI tooling: you reach for it where it genuinely sharpens your work, you're skeptical where it doesn't, and you're thinking about what developer-side AI adoption means for how security risk compounds at scale
NICE TO HAVE:

  • Offensive security experience such as bug bounty, CTF participation, red team, or pentesting work
  • Experience building or contributing to SAST pipelines, custom static analysis rules, or automated security testing infrastructure
  • Prior experience at a startup or high-growth scaleup, where security programs aren't fully pre-defined and priorities shift
For candidates based in the United States, the pay range(s) for this role are listed below and represent the base salary range for non-commissionable roles or on-target earnings (OTE) for commissionable roles. This salary range may be inclusive of several career levels at Retool and will be narrowed during the interview process based on a number of factors such as (but not limited to) scope and responsibilities, the candidate's experience and qualifications, and location.

Additional compensation in the form(s) of equity and/or commission is dependent on the position offered. Retool provides a comprehensive benefit plan, including medical, dental, vision, and 401(k). Pay and benefits are subject to change at any time, consistent with the terms of any applicable compensation or benefit plans.

The base pay range for this role is $231,900 - $318,250 per year.

Retool offers generous benefits to all employees and a hybrid work location. For more information, please visit the benefits and perks section of our careers page!

Retool is currently set up to employ all roles in the US and specific roles in the UK. To find roles that can be employed in the UK, please refer to our careers page and review the indicated locations.
