Senior Security Analyst | Corporate Security

1 week ago

New York, NY, United States RAMP Full time
About Ramp

At Ramp, we're rethinking how modern finance teams function in the age of AI. We believe AI isn't just the next big wave. It's the new foundation for how business gets done. We're investing in that future - and in the people bold enough to build it.

Ramp is a financial operations platform designed to save companies time and money. Our all-in-one solution combines payments, corporate cards, vendor management, procurement, travel booking, and automated bookkeeping with built-in intelligence to maximize the impact of every dollar and hour spent. More than 50,000 businesses, from family-owned farms to e-commerce giants to space startups, have saved $10B and 27.5M hours with Ramp. Founded in 2019, Ramp powers the fastest-growing corporate card and bill payment platform in America, and enables over $100 billion in purchases each year.

Ramp's investors include Lightspeed Venture Partners, Thrive Capital, Sands Capital, General Catalyst, Founders Fund, Khosla Ventures, Sequoia Capital, Greylock, Redpoint, and ICONIQ, as well as over 100 angel investors who were founders or executives of leading companies. The Ramp team comprises talented leaders from leading financial services and fintech companies-Stripe, Affirm, Goldman Sachs, American Express, Mastercard, Visa, Capital One-as well as technology companies such as Meta, Uber, Netflix, Twitter, Dropbox, and Instacart.

Ramp has been named to Fast Company's Most Innovative Companies list and LinkedIn's Top U.S. Startups for more than 3 years, as well as the Forbes Cloud 100, CNBC Disruptor 50, and TIME Magazine's 100 Most Influential Companies.

About the Role

Ramp's Enterprise Security team is responsible for keeping our people, data, and internal tools safe while enabling a fastmoving, AIdriven business.

As a Senior Security Analyst (Corporate Security), you'll own and scale core security programs across identity, endpoints, SaaS, and data. You'll be the primary driver for Insider Risk, DLP, SaaS posture, and endpoint security across both our corporate and FedRAMPaligned environments-designing strategy, implementing controls, and measuring outcomes.

Ramp is agentfirst: we rely heavily on AI assistants and automated workflows. You'll ensure those capabilities are securely rolled out to the business, not blocked.

Hybrid in NYC: This role is based in New York City and requires working inperson at our HQ (near Madison Square Park) at least 2 days per week.

This is a senior, handson individual contributor role (IC5), not a peoplemanagement or SOC Tier 1 position.

What You'll Do
  • Own core enterprise security programs Lead and continuously improve Insider Risk and DLP across Ramp-from policies and detections to playbooks, case handling, and stakeholder training.
  • Secure SaaS at scale Manage and harden our SaaS stack (SSPM/CASB and native controls):
    • Remediate misconfigurations
    • Remove stale accounts/admins
    • Enforce key rotation and safe OAuth scopes
    • Gate risky apps and integrations
  • Run sovereign / FedRAMPaligned environments Operate sovereign Google Workspace and Okta tenants with strict access, monitoring, and logging. Partner with GRC to ensure controls align to NIST 80053/800171 and FedRAMPaligned requirements without slowing down the business.
  • Modernize identity & access Work with IT and Security Engineering to enforce:
    • Phishingresistant MFA
    • Deviceaware and contextaware access
    • Least privilege and justintime (JIT) patterns
    • SCIMbased lifecycle management
    • Strong breakglass access patterns and reviews
  • Harden endpoints and network Help keep our macOS and Windows fleets secure at scale using EDR, MDM, and disk encryption; drive patch SLAs; and enforce ZTNA/SSE policies (e.g., Cloudflare WARP) for secure access to internal resources.
  • Measure, review, and improve Define and track key metrics (coverage, policy efficacy, MTTD/MTTR, configuration drift). Run regular control health reviews and drive remediation with partner teams.
  • Automate and simplify Use scripting, APIs, or workflow tools to reduce manual toil in enterprise security operations (e.g., account hygiene, access reviews, configuration checks, alert triage).
  • Partner & communicate Collaborate closely with IT, Engineering, Legal, People, and GRC. Write clear docs, runbooks, and decision records that make it easy for others to operate and build on your work.
What You Need
  • Experience level
    • 3+ years in enterprise/corporate security engineering or operations, with handson ownership of security controls for identity, endpoints, SaaS, or data.
    • You're comfortable being the primary owner of programs, not just following an existing playbook.
  • Eligibility
    • U.S. citizenship is required for this role due to the nature of our sovereign / FedRAMPaligned environments.
  • Technical background
    • Practical experience implementing and tuning Insider Risk, DLP, SaaS posture, or endpoint security in a cloudfirst environment.
    • Handson administration of a modern identity provider and collaboration suite-Okta and Google Workspace are ideal, but similar experience (e.g., Azure AD / Entra ID, Microsoft 365) is highly relevant.
    • Familiarity with tools and concepts like EDR, MDM, SSPM/CASB, DSPM, and ZTNA/SSE, and experience hardening macOS and/or Windows at scale.
    • Experience aligning controls to at least one security framework or regulated environment (e.g., FedRAMP, NIST 80053/171, SOC 2, ISO 27001) and translating requirements into practical enterprise controls.
  • How you work
    • You can spot gaps, design pragmatic remediations, and drive them to completion across multiple teams.
    • You're comfortable using automation (scripts, workflows, or lowcode tools) to make security more scalable and less manual.
    • You communicate clearly-whether you're writing a runbook, summarizing risk tradeoffs, or explaining a control choice to nonsecurity partners.
    • You enjoy partnering with IT and Engineering to get things shipped, not just documented.
Nice-to-Haves
  • Experience operating sovereign or publicsector / regulated tenants (e.g., FedRAMP, StateRAMP, or similar).
  • Background scaling security in a highgrowth, cloudfirst startup or scaleup environment (ideal but not required).
  • Experience securing or enabling AI/agent workflows inside an enterprise.
  • Intermediate scripting skills (e.g., Python, Bash, PowerShell) for automation and integrations.
  • Relevant certifications (e.g., CISSP, CISM, Security+, GIAC) or equivalent realworld depth.
Benefits (for U.S.-based full-time employees)
  • 100% medical, dental & vision insurance coverage for you
    • Partially covered for your dependents
    • One Medical annual membership
  • 401k (including employer match on contributions made while employed by Ramp)
  • Flexible PTO
  • Fertility HRA (up to $10,000 per year)
  • Parental Leave
  • Pet insurance
  • Centralized home-office equipment ordering for all employees
  • Health and Wellness stipend
  • In-office perks: lunch, snacks, drinks, and more
  • Budget for intra-office travel
  • Relocation support to NYC or SF (as needed)


Referral Instructions

If you are being referred for the role, please contact that person to apply on your behalf.

Other notices

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

Ramp Applicant Privacy Notice

  • IT Security Analyst

    6 days ago

    New York, NY, United States Global Technical Talent Full time

    Primary Job Title: IT Security Analyst Alternate / Related Job Titles: Information Security Advisor Cybersecurity Analyst Security Risk Analyst Cloud Security Analyst IT Risk & Compliance Analyst Location & Onsite Flexibility: New York City, NY Hybrid - Onsite at least 2x per week Contract Details Position Type: Contract Contract Duration: 6 Months...

  • Investment & Corporate Banking - Equity Capital Markets, Analyst

    1 week ago

    New York, NY, United States Mizuho Corporate Bank Full time

    Banking Americas Mizuho’s Banking Division provides corporate and investment banking coverage, sponsor coverage, advisory and solutions and loan capital markets/syndicate to Mizuho’s client base of leading international corporations, financial institutions and public sector entities in the US and Canada. Banking supports client business activities...

  • Security Site Manager

    1 week ago

    New York, NY, United States Garda World Security Full time

    Become a Security Site Manager at GardaWorld! As a Security Site Manager, you will oversee the daily operations of a security site, ensuring the safety and security of the premises. You'll manage security personnel, coordinate with clients, handle incidents, and maintain compliance with security protocols. Your role includes scheduling staff, conducting site...

  • Security Site Manager

    5 days ago

    New York, NY, United States Garda World Security Full time

    Become a Security Site Manager at GardaWorld! As a Security Site Manager, you will oversee the daily operations of a security site, ensuring the safety and security of the premises. You'll manage security personnel, coordinate with clients, handle incidents, and maintain compliance with security protocols. Your role includes scheduling staff, conducting site...

  • Security Site Manager

    5 days ago

    New York, NY, United States Garda World Security Full time

    Become a Security Site Manager at GardaWorld! As a Security Site Manager, you will oversee the daily operations of a security site, ensuring the safety and security of the premises. You'll manage security personnel, coordinate with clients, handle incidents, and maintain compliance with security protocols. Your role includes scheduling staff, conducting site...

  • Security Site Manager

    5 days ago

    New York, NY, United States Garda World Security Full time

    Become a Security Site Manager at GardaWorld! As a Security Site Manager, you will oversee the daily operations of a security site, ensuring the safety and security of the premises. You'll manage security personnel, coordinate with clients, handle incidents, and maintain compliance with security protocols. Your role includes scheduling staff, conducting site...

  • Security Site Manager

    5 days ago

    New York, NY, United States Garda World Security Full time

    Become a Security Site Manager at GardaWorld! As a Security Site Manager, you will oversee the daily operations of a security site, ensuring the safety and security of the premises. You'll manage security personnel, coordinate with clients, handle incidents, and maintain compliance with security protocols. Your role includes scheduling staff, conducting site...

  • Security Site Manager

    5 days ago

    New York, NY, United States Garda World Security Full time

    Become a Security Site Manager at GardaWorld! As a Security Site Manager, you will oversee the daily operations of a security site, ensuring the safety and security of the premises. You'll manage security personnel, coordinate with clients, handle incidents, and maintain compliance with security protocols. Your role includes scheduling staff, conducting site...

  • Security Site Manager

    5 days ago

    New York, NY, United States Garda World Security Full time

    Become a Security Site Manager at GardaWorld! As a Security Site Manager, you will oversee the daily operations of a security site, ensuring the safety and security of the premises. You'll manage security personnel, coordinate with clients, handle incidents, and maintain compliance with security protocols. Your role includes scheduling staff, conducting site...

  • Security Site Manager

    5 days ago

    New York, NY, United States Garda World Security Full time

    Become a Security Site Manager at GardaWorld! As a Security Site Manager, you will oversee the daily operations of a security site, ensuring the safety and security of the premises. You'll manage security personnel, coordinate with clients, handle incidents, and maintain compliance with security protocols. Your role includes scheduling staff, conducting site...