Paribus (Ramp)
Ramp Enterprise Security Role
Join Ramp's Enterprise Security team to operationalize core and sovereign security programs. You'll oversee Insider Risk, DLP, SaaS posture, and Endpoint security across corporate and FedRAMP-aligned environments, setting strategy, implementing controls, and measuring outcomes. Ramp is agent-first: you will securely enable AI assistants and automated workflows across the enterprise. Please note that this role will require you to be comfortable with working in-person at our NYC HQ (located near Madison Square Park) at least 2 days/week.
What You'll Do
Harden Core Programs: Evaluate and uplift Insider Risk and DLP coverage; tune detections, policies, and workflows end-to-end.
Secure SaaS at Scale: Use SSPM/CASB and configuration baselines to remediate misconfigurations, remove stale access/admins, enforce key rotation, and gate risky app/OAuth scopes.
Operate Sovereign SaaS: Maintain strict access and monitoring for sovereign Google Workspace and Okta tenants; ensure controls map to NIST 800-53/800-171 and FedRAMP-aligned requirements.
Modernize Identity & Access: Enforce phishing-resistant MFA, device-aware access, least privilege/JIT, SCIM life-cycle, and strong break-glass patterns.
Endpoint & Network Defense: Keep macOS/Windows hardened at scale (EDR, disk encryption, MDM), ensure patch SLAs, and apply ZTNA/SSE (e.g., Cloudflare WARP) policies.
Continuous Improvement: Define metrics (coverage, policy efficacy, MTTD/MTTR, configuration drift), run control health reviews, and close gaps across corporate and sovereign environments.
Partner & Ship: Work with IT to validate endpoint agents and patching; document risks, decisions, and runbooks succinctly.
What You Need
3+ years in enterprise/corporate security engineering or operations.
U.S. citizenship is required for this role.
Proven delivery hardening Insider Risk, DLP, SaaS posture, and endpoint controls.
Hands-on Okta administration and Google Workspace security configuration.
Experience with EDR/MDM, SSPM/CASB, DSPM, and ZTNA/SSE; macOS/Windows hardening at scale.
Solid grasp of IAM and control mapping in FedRAMP-aligned environments; familiarity with NIST 800-53/171.
Ability to identify gaps, design remediations, automate where possible, and drive adoption across teams.
Clear, concise communicator who writes crisp docs and runbooks.
Nice-to-Haves
Experience aligning Google Workspace and Okta to regulated/sovereign requirements.
Background scaling security in a high-growth, cloud-first company.
Relevant certs (CISSP, CISM, Security+, GIAC) or equivalent real-world depth.
Benefits (for U.S.-based full-time employees)
100% medical, dental & vision insurance coverage for you
Partially covered for your dependents
One Medical annual membership
401k (including employer match on contributions made while employed by Ramp)
Flexible PTO
Fertility HRA (up to $5,000 per year)
WFH stipend to support your home office needs
Wellness stipend
Parental Leave
Relocation support to NYC or SF (as needed)
Pet insurance
Referral Instructions
If you are being referred for the role, please contact that person to apply on your behalf.
Other Notices
Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
Ramp Applicant Privacy Notice