
Ramp
Mid
Lead detection and incident triage for Ramp's security team, with a federal/public-sector maturity push
Ramp is hiring a Detection & Response lead to triage security incidents, tune alerting/runbooks, and mature detection capabilities specifically across its federal and public sector environments. The role wants 3-4 years of IT/security experience with hands-on SOC/CERT/CSIRT background, query-based log tools (ELK, Datadog, Panther), and the judgment to separate signal from noise. NYC HQ, hybrid 2 days/week.
Step into this interview
Free · a live voice mock calibrated to this exact role
What this interview tests
- Incident triage and initial response workflow
- Query-based log analysis and SIEM tooling (ELK, Datadog, Panther)
- Alert/runbook creation, tuning, and false-positive reduction
- Security automation for detection and remediation
- Communicating technical security findings to non-technical stakeholders
Common question themes
Walk me through a real incident you triaged from alert to resolution
Describe a query or investigation you've run in a log management platform
Tell me about an alert you tuned because it was generating too much noise
How would you approach maturing detection capabilities for a regulated/federal environment
Describe building or improving an automated response to a recurring threat
How do you explain a complex security issue to a non-security colleague or manager
Related interviews

Ramp
Mid
Data Scientist

Ramp
Senior
Senior Data Scientist, Growth

Ramp
Senior
Applied AI Engineer, Fullstack

Cloudflare
Mid
Incident Response Analyst, Cloudforce One REACT

Cloudflare
Mid
Response Engineer, Cloudflare Managed Defense Center (CMDC)

Databricks
Senior