PROJECTS YOU MIGHT WORK ON- Data Access Control Layer: Design and build the system that enforces table-level, column-level, and row-level access controls across Retool's database connectors. You might work on: policy modeling, query rewriting to inject security constraints at the data engine, and building the admin UX that makes complex rules intuitive to configure. The goal: when a builder creates an app, the data security is already handled, automatically and invisibly.
- Hub & Admin Setup: Redesign how administrators onboard and manage Retool. Build the landing page experience, global search, and the guided setup flow that gets enterprises from sign-up to first production app faster. Surface security insights, flag under-authenticated resources, and create the admin dashboard that makes platform health visible at a glance. Build the features that change Retool from something that admins manage to a system that is self managing and self healing, with proper admin oversight and controls.
- Projects: Build the new organizational primitive for Retool. Projects group apps, agents, and workflows into a shared space with their own membership and role-based permissions. You'd design the data model, build the permissions layer, and create the UI that gives teams a clear home base, replacing a flat, unstructured console with something that scales to hundreds of teams.
- Automated Security Center & Admin Control Panel: Build the intelligent layer that proactively keeps Retool secure and well-governed. Surface under-authenticated resources, flag potentially dangerous access patterns, monitor usage analytics and spend, and integrate with compliance and DLP tools so security and admin teams get actionable insights instead of raw data, and Retool gets smarter about protecting customers the more they use it.
- Spaces & Instance Management: Build the controls that let enterprises govern multiple Retool Spaces and instances from a single pane of glass. Enforce organization-wide policies, like requiring all Spaces to use a specific SSO provider or AI configuration, and proactively identify misconfigurations or deviations from compliance requirements.
THE SKILLSET YOU'LL BRING- 2-8 years of professional software engineering experience, ideally some of which you've spent at startups
- Experience owning technically challenging, cross-functional projects from start to finish
- Strong fundamentals across the entire stack, with a strong grasp of backend systems design, data modeling, and building reliable, scalable software
- You communicate clearly in design docs, code reviews, and cross-functional discussions
- You care about code quality, testing, and leaving the codebase better than you found it
- You're motivated by solving real customer problems, not just writing clever code
NICE TO HAVE- Familiarity with Terraform or infrastructure-as-code practices
- Exposure to dbt, Databricks, or data pipeline tooling
- Experience building authorization, access control, or security systems
- Experience with policy engines, query rewriting, or data governance platforms
- Familiarity with RBAC, ABAC, or relationship-based access control models (Zanzibar, OPA, Cedar)
- Familiarity with authentication and authorization protocols (OAuth, SAML, SCIM, or similar)
- Experience designing taming complexity in admin-facing UIs or platform management tools
WHO YOU'LL WORK WITHYou'll join a team that sits at the intersection of security, platform infrastructure, and product experience. You'll work alongside engineers, product managers, and designers who care deeply about making enterprise governance feel effortless rather than burdensome. You'll also partner closely with teams across Retool because governance touches everything.
We're a hard-working, passionate bunch who are motivated by collaboration, strong results, and bringing the impact of Retool to our customers. When we're in the office, we enjoy eating lunch together, and we've been known for our lively game nights. But at the root of it all, we come together to show our customers and not-quite-yet customers how Retool can make them and their companies more efficient and successful.
We're building systems that the largest companies in the world will rely on to keep their data safe and their teams productive. If you want your work to be foundational, the kind of engineering that unlocks everything else, this is the team.
For candidates based in the United States, the pay range(s) for this role is listed below and represents base salary range for non-commissionable roles or on-target earnings (OTE) for commissionable roles. This salary range may be inclusive of several career levels at Retool and will be narrowed during the interview process based on a number of factors such as (but not limited to), scope and responsibilities, the candidate's experience and qualifications, and location.
Additional compensation in the form(s) of equity and/or commission are dependent on the position offered. Retool provides a comprehensive benefit plan, including medical, dental, vision, and 401(k). Pay and benefits are subject to change at any time, consistent with the terms of any applicable compensation or benefit plans.
The base pay range for this role is $163,800 - $306,000 per year.
Retool offers generous benefits to all employees and hybrid work location. For more information, please visit the benefits and perks section of our careers page!
Retool is currently set up to employ all roles in the US and specific roles in the UK. To find roles that can be employed in the UK, please refer to our careers page and review the indicated locations.