Senior Security Analyst | Corporate Security

About Ramp At Ramp, we’re rethinking how modern finance teams function in the age of AI. We believe AI isn’t just the next big wave. It’s the new foundation for how business gets done. We’re investing in that future — and in the people bold enough to build it. Ramp is a financial operations platform designed to save companies time and money. Our all-in-one solution combines payments, corporate cards, vendor management, procurement, travel booking, and automated bookkeeping with built-in intelligence to maximize the impact of every dollar and hour spent. More than 50,000 businesses, from family-owned farms to e-commerce giants to space startups, have saved $10B and 27.5M hours with Ramp. Founded in 2019, Ramp powers the fastest-growing corporate card and bill payment platform in America, and enables over $100 billion in purchases each year. Ramp’s investors include Lightspeed Venture Partners, Thrive Capital, Sands Capital, General Catalyst, Founders Fund, Khosla Ventures, Sequoia Capital, Greylock, Redpoint, and ICONIQ, as well as over 100 angel investors who were founders or executives of leading companies. The Ramp team comprises talented leaders from leading financial services and fintech companies—Stripe, Affirm, Goldman Sachs, American Express, Mastercard, Visa, Capital One—as well as technology companies such as Meta, Uber, Netflix, Twitter, Dropbox, and Instacart. Ramp has been named to Fast Company’s Most Innovative Companies list and LinkedIn’s Top U.S. Startups for more than 3 years, as well as the Forbes Cloud 100, CNBC Disruptor 50, and TIME Magazine’s 100 Most Influential Companies. About the Role Ramp’s Enterprise Security team is responsible for keeping our people, data, and internal tools safe while enabling a fast‑moving, AI‑driven business. As a Senior Security Analyst (Corporate Security), you’ll own and scale core security programs across identity, endpoints, SaaS, and data. You’ll be the primary driver for Insider Risk, DLP, SaaS posture, and endpoint security across both our corporate and FedRAMP‑aligned environments—designing strategy, implementing controls, and measuring outcomes. Ramp is agent‑first: we rely heavily on AI assistants and automated workflows. You’ll ensure those capabilities are securely rolled out to the business, not blocked. Hybrid in NYC: This role is based in New York City and requires working in‑person at our HQ (near Madison Square Park) at least 2 days per week. This is a senior, hands‑on individual contributor role (IC5), not a people‑management or SOC Tier 1 position. What You’ll Do • Own core enterprise security programs Lead and continuously improve Insider Risk and DLP across Ramp—from policies and detections to playbooks, case handling, and stakeholder training. • Secure SaaS at scale Manage and harden our SaaS stack (SSPM/CASB and native controls): • Remediate misconfigurations • Remove stale accounts/admins • Enforce key rotation and safe OAuth scopes • Gate risky apps and integrations • Run sovereign / FedRAMP‑aligned environments Operate sovereign Google Workspace and Okta tenants with strict access, monitoring, and logging. Partner with GRC to ensure controls align to NIST 800‑53/800‑171 and FedRAMP‑aligned requirements without slowing down the business. • Modernize identity & access Work with IT and Security Engineering to enforce: • Phishing‑resistant MFA • Device‑aware and context‑aware access • Least privilege and just‑in‑time (JIT) patterns • SCIM‑based lifecycle management • Strong break‑glass access patterns and reviews • Harden endpoints and network Help keep our macOS and Windows fleets secure at scale using EDR, MDM, and disk encryption; drive patch SLAs; and enforce ZTNA/SSE policies (e.g., Cloudflare WARP) for secure access to internal resources. • Measure, review, and improve Define and track key metrics (coverage, policy efficacy, MTTD/MTTR, configuration drift). Run regular control health reviews and drive remediation with partner teams. • Automate and simplify Use scripting, APIs, or workflow tools to reduce manual toil in enterprise security operations (e.g., account hygiene, access reviews, configuration checks, alert triage). • Partner & communicate Collaborate closely with IT, Engineering, Legal, People, and GRC. Write clear docs, runbooks, and decision records that make it easy for others to operate and build on your work. What You Need • Experience level • 3+ years in enterprise/corporate security engineering or operations, with hands‑on ownership of security controls for identity, endpoints, SaaS, or data. • You’re comfortable being the primary owner of programs, not just following an existing playbook. • Eligibility • U.S. citizenship is required for this role due to the nature of our sovereign / FedRAMP‑aligned environments. • Technical background • Practical experience implementing and tuning Insider Risk, DLP, SaaS posture, or endpoint security in a cloud‑first environment. • Hands‑on administration of a modern identity provider and collaboration suite—Okta and Google Workspace are ideal, but similar experience (e.g., Azure AD / Entra ID, Microsoft 365) is highly relevant. • Familiarity with tools and concepts like EDR, MDM, SSPM/CASB, DSPM, and ZTNA/SSE, and experience hardening macOS and/or Windows at scale. • Experience aligning controls to at least one security framework or regulated environment (e.g., FedRAMP, NIST 800‑53/171, SOC 2, ISO 27001) and translating requirements into practical enterprise controls. • How you work • You can spot gaps, design pragmatic remediations, and drive them to completion across multiple teams. • You’re comfortable using automation (scripts, workflows, or low‑code tools) to make security more scalable and less manual. • You communicate clearly—whether you’re writing a runbook, summarizing risk tradeoffs, or explaining a control choice to non‑security partners. • You enjoy partnering with IT and Engineering to get things shipped, not just documented. Nice-to-Haves • Experience operating sovereign or public‑sector / regulated tenants (e.g., FedRAMP, StateRAMP, or similar). • Background scaling security in a high‑growth, cloud‑first startup or scale‑up environment (ideal but not required). • Experience securing or enabling AI/agent workflows inside an enterprise. • Intermediate scripting skills (e.g., Python, Bash, PowerShell) for automation and integrations. • Relevant certifications (e.g., CISSP, CISM, Security+, GIAC) or equivalent real‑world depth. Benefits (for U.S.-based full-time employees) • 100% medical, dental & vision insurance coverage for you • Partially covered for your dependents • One Medical annual membership • 401k (including employer match on contributions made while employed by Ramp) • Flexible PTO • Fertility HRA (up to $5,000 per year) • WFH stipend to support your home office needs • Wellness stipend • Parental Leave • Relocation support to NYC or SF (as needed) • Pet insurance Referral Instructions If you are being referred for the role, please contact that person to apply on your behalf. Other notices Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records. Ramp Applicant Privacy Notice Apply tot his job