Systems Engineer, Corporate Security

Ramp•New York, NY

18h•Hybrid

About The Position

Ramp's Corporate Security team is responsible for keeping our people, data, and internal tools safe while enabling a fast-moving, AI-driven business. As a Staff Systems Engineer on the Corporate Security team, you'll own the systems that control how every employee, contractor, and AI agent at Ramp authenticates, accesses resources, and stays secure — across every device and every platform. This is a staff-level, hands-on individual contributor role, not a people-management position. You'll be the technical owner of identity and endpoint infrastructure: building and implementing how we authenticate at scale, hardening the devices our workforce uses every day, and designing AI-driven automation that replaces manual security operations with intelligent, agent-based workflows. You'll work to ensure Ramp's internal security posture matches the speed and ambition of the company building on top of it. If you want to define how a leading fintech secures its workforce in the age of AI agents — and you'd rather build the automation than run the playbook — this is the role.

Requirements

7+ years of experience in systems engineering, security engineering, or IT security — with deep, hands-on expertise in identity and access management (Okta, Azure AD/Entra ID, or equivalent) and endpoint management (Jamf, Intune, or equivalent).
Strong technical depth across macOS and Windows fleet management: MDM configuration, device trust, compliance enforcement, patching, and declarative device management.
Experience designing and operating SSO, MFA, and zero-trust authentication architectures at scale — platform SSO, device-bound SSO, passwordless authentication.
Demonstrated ability to build automation that replaces manual processes. You default to scripting, building, and automating rather than running playbooks. Experience with AI/ML tooling for security automation is a strong plus.
Familiarity with compliance frameworks (SOC 2, FedRAMP, NIST 800-53, ISO 27001) and experience supporting audit readiness from the endpoint and identity side.
Ability to operate independently with minimal oversight. You find the problem, scope the fix, ship it, and move on. You don't wait for tickets — you see what's broken and go fix it.
Clear, concise communication. You can explain complex identity and endpoint decisions to PMs, engineering leads, and executives without hiding behind jargon.

Nice To Haves

Experience with C1, 1Password, CrowdStrike, Push Security, or similar identity governance and endpoint defense tooling.
Experience securing or enabling AI/agent workflows inside an enterprise — governing how AI systems authenticate and access internal resources.
Hands-on experience with AI coding tools (Claude, Codex, Copilot) to accelerate your own engineering work and build AI-assisted security workflows.
Experience in a high-growth, cloud-first startup or scale-up environment where you had to build and ship fast with limited resources.
Background operating sovereign or regulated tenants (FedRAMP, StateRAMP, Okta Gov, or similar).
Scripting proficiency (Python, Bash, PowerShell) for automation and integrations.

Responsibilities

Own endpoint security and fleet management. Build and maintain the security and compliance of every Mac and PC across all offices and remote employees through Jamf and Intune — device trust enforcement, configuration management, patching, and vulnerability remediation at scale.
Own identity and access infrastructure. Architect, build, and operate Ramp's identity platform — Okta, platform SSO, device-bound authentication, and entitlement governance. You'll ensure every employee, contractor, and system authenticates securely, and that new tools and vendors can be connected safely without opening gaps.
Build AI agents that automate security operations. Design and deploy AI-driven automation to replace manual, repetitive security work: vulnerability triage and remediation prioritization, identity threat detection, compliance posture enforcement, and audit evidence collection. You'll turn reactive processes into autonomous workflows.
Define AI agent identity governance. As Ramp deploys AI agents into production, you'll define how those agents authenticate, what data and systems they can access, and how their activity is audited. This is net-new, fast-growing work at the intersection of security and AI.
Partner on corporate security hardening. Work closely with the Corporate Security program team to harden Ramp's core platforms (Okta, Google Workspace, Microsoft 365), manage endpoint defense tooling (CrowdStrike, Push Security), and support public sector and compliance requirements (FedRAMP, SOC 2).
Unblock cross-functional teams. A stable, well-architected identity and endpoint layer directly enables engineering teams to ship faster. You'll keep the foundation solid so others can build on it without hitting security friction.