Systems Engineer, Corporate Security

ABOUT RAMP Ramp is building the smart infrastructure for finance teams, embedded in the transaction flow of every dollar a business spends. We automate how over $100B in annualized spend flows in and out of 50,000+ companies: authorizing payments, flagging risk, categorizing spend, and closing books. The problems are high-stakes, data-dense, and unforgiving. We hire people with high agency and high urgency. We look for slope over intercept. We care less about where you trained and more about what you’ve built. At Ramp, everyone is a builder who owns problems end to end and makes consequential decisions that shape the outcome. The median Ramp customer saves 5% and grows revenue 16% in their first year – far in excess of businesses operating without Ramp. We believe every ambitious company deserves the same. If you want to build systems that directly shape how companies move and manage billions, Ramp is the place to do it. ABOUT THE ROLE Ramp's Corporate Security team is responsible for keeping our people, data, and internal tools safe while enabling a fast-moving, AI-driven business. As a Staff Systems Engineer on the Corporate Security team, you'll own the systems that control how every employee, contractor, and AI agent at Ramp authenticates, accesses resources, and stays secure — across every device and every platform. This is a staff-level, hands-on individual contributor role, not a people-management position. You'll be the technical owner of identity and endpoint infrastructure: building and implementing how we authenticate at scale, hardening the devices our workforce uses every day, and designing AI-driven automation that replaces manual security operations with intelligent, agent-based workflows. You'll work to ensure Ramp's internal security posture matches the speed and ambition of the company building on top of it. If you want to define how a leading fintech secures its workforce in the age of AI agents — and you'd rather build the automation than run the playbook — this is the role. WHAT YOU'LL DO - Own endpoint security and fleet management. Build and maintain the security and compliance of every Mac and PC across all offices and remote employees through Jamf and Intune — device trust enforcement, configuration management, patching, and vulnerability remediation at scale. - Own identity and access infrastructure. Architect, build, and operate Ramp's identity platform — Okta, platform SSO, device-bound authentication, and entitlement governance. You'll ensure every employee, contractor, and system authenticates securely, and that new tools and vendors can be connected safely without opening gaps. - Build AI agents that automate security operations. Design and deploy AI-driven automation to replace manual, repetitive security work: vulnerability triage and remediation prioritization, identity threat detection, compliance posture enforcement, and audit evidence collection. You'll turn reactive processes into autonomous workflows. - Define AI agent identity governance. As Ramp deploys AI agents into production, you'll define how those agents authenticate, what data and systems they can access, and how their activity is audited. This is net-new, fast-growing work at the intersection of security and AI. - Partner on corporate security hardening. Work closely with the Corporate Security program team to harden Ramp's core platforms (Okta, Google Workspace, Microsoft 365), manage endpoint defense tooling (CrowdStrike, Push Security), and support public sector and compliance requirements (FedRAMP, SOC 2). - Unblock cross-functional teams. A stable, well-architected identity and endpoint layer directly enables engineering teams to ship faster. You'll keep the foundation solid so others can build on it without hitting security friction. WHAT YOU NEED - 7+ years of experience in systems engineering, security engineering, or IT security — with deep, hands-on expertise in identity and access management (Okta, Azure AD/Entra ID, or equivalent) and endpoint management (Jamf, Intune, or equivalent). - Strong technical depth across macOS and Windows fleet management: MDM configuration, device trust, compliance enforcement, patching, and declarative device management. - Experience designing and operating SSO, MFA, and zero-trust authentication architectures at scale — platform SSO, device-bound SSO, passwordless authentication. - Demonstrated ability to build automation that replaces manual processes. You default to scripting, building, and automating rather than running playbooks. Experience with AI/ML tooling for security automation is a strong plus. - Familiarity with compliance frameworks (SOC 2, FedRAMP, NIST 800-53, ISO 27001) and experience supporting audit readiness from the endpoint and identity side. - Ability to operate independently with minimal oversight. You find the problem, scope the fix, ship it, and move on. You don't wait for tickets — you see what's broken and go fix it. - Clear, concise communication. You can explain complex identity and endpoint decisions to PMs, engineering leads, and executives without hiding behind jargon. NICE TO HAVES - Experience with C1, 1Password, CrowdStrike, Push Security, or similar identity governance and endpoint defense tooling. - Experience securing or enabling AI/agent workflows inside an enterprise — governing how AI systems authenticate and access internal resources. - Hands-on experience with AI coding tools (Claude, Codex, Copilot) to accelerate your own engineering work and build AI-assisted security workflows. - Experience in a high-growth, cloud-first startup or scale-up environment where you had to build and ship fast with limited resources. - Background operating sovereign or regulated tenants (FedRAMP, StateRAMP, Okta Gov, or similar). - Scripting proficiency (Python, Bash, PowerShell) for automation and integrations. BENEFITS (FOR U.S.-BASED FULL-TIME EMPLOYEES) - 100% medical, dental & vision insurance coverage for you - Partially covered for your dependents - One Medical annual membership - 401k (including employer match on contributions made while employed by Ramp) - Flexible PTO - Fertility HRA (up to $10,000 per year) - Parental Leave - Unlimited AI token usage - Pet insurance - Centralized home-office equipment ordering for all employees - Health and Wellness stipend - In-office perks: lunch, snacks, drinks, and more - Budget for intra-office travel - Relocation support to NYC or SF (as needed) REFERRAL INSTRUCTIONS If you are being referred for the role, please contact that person to apply on your behalf. OTHER NOTICES Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records. Beware of recruiting scams: Ramp will only contact you through official @Ramp.com http://Ramp.com email addresses and will never ask for payment or sensitive personal information during the hiring process. Ramp Applicant Privacy Notice https://ramp.com/legal/applicant-privacy-notice