Secure the Future of Finance with Ramp
At Ramp, we're not just building a financial operations platform; we're architecting the future of finance with AI. Join a team that's pioneering agent-first technologies and empowering businesses to reclaim time and maximize impact. If you're passionate about cybersecurity and want to shape the security landscape of a rapidly growing fintech innovator, we want to hear from you.
Ramp combines payments, corporate cards, vendor management, procurement, travel booking, and automated bookkeeping into a single, intelligent platform. We've saved over 40,000 businesses $10B and 27.5M hours. Backed by top investors and recognized as a leader in innovation, Ramp is where your security expertise can make a real difference.
Enterprise Security Engineer
Become a key player on Ramp’s Enterprise Security team, responsible for the operationalization of core and sovereign security programs. You'll be at the forefront of protecting our AI-driven platform, overseeing Insider Risk, DLP, SaaS posture, and Endpoint security across both corporate and FedRAMP-aligned environments. Your mission: set the strategy, implement robust controls, and meticulously measure outcomes, all while securely enabling innovative AI assistants and automated workflows.
Important: This role requires in-person collaboration at our NYC HQ (near Madison Square Park) at least 2 days per week.
What You'll Be Doing
Hardening Core Programs: Evaluate and enhance Insider Risk and DLP coverage; fine-tune detections, policies, and end-to-end workflows.
Securing SaaS at Scale: Leverage SSPM/CASB and configuration baselines to remediate misconfigurations, remove stale access/admins, enforce key rotation, and govern risky app/OAuth scopes.
Operating Sovereign SaaS: Maintain strict access and monitoring for sovereign Google Workspace and Okta tenants; ensure controls align with NIST 800-53/800-171 and FedRAMP requirements.
Modernizing Identity & Access: Enforce phishing-resistant MFA, device-aware access, least privilege/JIT, SCIM lifecycle, and strong break-glass patterns.
Endpoint & Network Defense: Maintain hardened macOS/Windows environments at scale (EDR, disk encryption, MDM), enforce patch SLAs, and implement ZTNA/SSE (e.g., Cloudflare WARP) policies.
Continuous Improvement: Define metrics (coverage, policy efficacy, MTTD/MTTR, configuration drift), conduct control health reviews, and close gaps across corporate and sovereign environments.
Collaboration & Documentation: Partner with IT to validate endpoint agents and patching; document risks, decisions, and create concise runbooks.
What You'll Need to Succeed
3+ years of experience in enterprise/corporate security engineering or operations.
U.S. citizenship is required for this role.
Proven track record of hardening Insider Risk, DLP, SaaS posture, and endpoint controls.
Hands-on experience with Okta administration and Google Workspace security configuration.
Experience with EDR/MDM, SSPM/CASB, DSPM, and ZTNA/SSE; macOS/Windows hardening at scale.
Solid understanding of IAM and control mapping in FedRAMP-aligned environments; familiarity with NIST 800-53/171.
Ability to identify gaps, design remediations, automate where possible, and drive adoption across teams.
Excellent communication skills, capable of writing clear and concise documentation and runbooks.
Bonus Points
Experience aligning Google Workspace and Okta to regulated/sovereign requirements.
Background scaling security in a high-growth, cloud-first company.
Relevant certifications (CISSP, CISM, Security+, GIAC) or equivalent real-world experience.
Benefits (for U.S.-based full-time employees)
100% medical, dental & vision insurance coverage for you
Partially covered for your dependents
One Medical annual membership
401k (including employer match on contributions made while employed by Ramp)
Flexible PTO
Fertility HRA (up to $5,000 per year)
WFH stipend to support your home office needs
Wellness stipend
Parental Leave
Relocation support to NYC or SF (as needed)
Pet insurance
Referral Instructions
If you are being referred for the role, please contact that person to apply on your behalf.
Other notices
Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
Ramp Applicant Privacy Notice