Senior Security Engineer, Endpoint
WFA Digital Insight
As the remote job market continues to evolve, demand for skilled security engineers has grown significantly, with a 25% increase in job postings over the past year. In this role, you'll have the opportunity to build and manage endpoint security for a cutting-edge finance company, utilizing the latest tools and technologies. With the rise of agentic AI, corporate security is more crucial than ever, and candidates with experience in macOS security, GitOps, and Terraform will be in high demand. Before applying, consider what you can bring to the table in terms of innovative security solutions and a deep understanding of the evolving threat landscape.
Job Description
About the Role
The Senior Security Engineer, Endpoint position at Ramp is a critical role that requires a deep understanding of endpoint security, macOS, Windows, and mobile devices. As a key member of the security team, you will be responsible for building and managing the company's endpoint security posture, utilizing the latest tools and technologies to ensure the security and integrity of Ramp's systems. You will work closely with the IT, SecOps, and engineering teams to sharpen telemetry and detections, mentor other engineers, and raise the bar on what 'low-friction security' actually means.The role entails a high level of agency and urgency, with a focus on building secure-by-default controls with Terraform and GitOps. You will be responsible for managing the full device lifecycle, from deployment to retirement, and ensuring that all endpoints are properly configured and secured. This is an exciting opportunity to join a cutting-edge company that is pushing the boundaries of finance and technology.
What You Will Do
- Write and ship MDM policy as code, including configuration profiles, remediation scripts, and enforcement rules across macOS, Windows, and mobile devices
- Build patch automation that closes exposure windows quickly without disrupting employee workflows
- Manage software distribution across the fleet, ensuring that all endpoints have the latest security patches and updates
- Mine fleet telemetry for signal, building dashboards, drift alerts, and AI-assisted automation to cut toil before it compounds
- Own managed browser and extension policy, enforcing what's allowed, blocking what isn't, and keeping the control plane auditable
- Be the last line of defense on endpoint escalations that IT Operations can't resolve
- Partner with IT, SecOps, and engineering teams to sharpen telemetry and detections
- Mentor other engineers and raise the bar on what 'low-friction security' actually means
- Help shape the company's approach to corporate security in an agentic world
What We Are Looking For
- Deep macOS security experience, including Jamf Pro, FleetDM, or equivalent MDM at scale
- Strong IaC fundamentals and a GitOps delivery model, including Terraform modules, remote state, and CI pipelines
- Solid working knowledge of Google Workspace in a managed enterprise environment, including Chrome Browser Cloud Management and extension policy enforcement
- A point of view on how agentic AI changes the corporate security surface
- 5+ years of experience in a security engineering role, with a focus on endpoint security
- Strong understanding of security principles, including confidentiality, integrity, and availability
- Experience with cloud-based security solutions, including AWS, Azure, or Google Cloud
Nice to Have
- Experience with open source endpoint and device management tooling
- Experience building automated, progressive rollout systems based on fleet telemetry
- Experience managing a mixed fleet, including macOS, Windows, and mobile devices
- Experience putting AI to work on real operational problems, not just prototyping
Benefits and Perks
- Flexible PTO and unlimited AI token usage
- Centralized home-office equipment ordering and health and wellness stipend
- Budget for intra-office travel and weekly coffee stipend
- 100% medical, dental, and vision insurance coverage for you, with partial coverage for dependents
- One Medical annual membership and 401(k) with employer match
- Fertility HRA and parental leave: up to 16 weeks at 100% pay
- Pet insurance and in-office perks, including lunch, snacks, drinks, and more
- Relocation support to New York, NY
How to Stand Out
- Familiarize yourself with the latest endpoint security tools and technologies, including Terraform and GitOps.
- Develop a deep understanding of macOS security, including Jamf Pro and FleetDM.
- Build a portfolio of your security engineering work, including examples of secure-by-default controls and automated patch management.
- Be prepared to discuss your experience with cloud-based security solutions and your point of view on how agentic AI changes the corporate security surface.
- Research the company culture and values, and be prepared to discuss how you can contribute to the security team's mission and goals.
- Consider highlighting your experience with open source endpoint and device management tooling, as well as your ability to manage a mixed fleet of devices.
- Don't be afraid to ask questions about the role, the team, and the company culture during the interview process.
This is a remote position listed on WFA Digital, the platform for professionals who work from anywhere. Browse more remote jobs across all categories.