Security and Compliance Engineer
Company: Paradigm Inc.
Location: Virginia Beach
Posted on: February 16, 2026
Job Description:
Hybrid work position. Visa sponsorship is not available now or in the future. Local candidates only, or ability to relocate prior to start of employment.

Our growing companies are currently seeking a Security & Compliance Engineer to manage both our information security program and SOC 2 compliance across Paradigm and @Gov. This dual-focused role is perfect for someone who understands that great security and strong compliance go hand-in-hand. You'll implement and maintain security controls while ensuring those controls meet our compliance requirements.

About Us:
Paradigm, Inc. is a leading credentialing services provider with over 34 years of experience delivering printed and digital diplomas, certificates, and comprehensive learner records to higher education institutions. As a SOC 2 Type II certified organization, we pride ourselves on integrity, security, and exceptional service.

@Gov, Inc. is a next-generation platform provider specializing in government credential solutions, including digital apostilles and vital records management for state agencies. We're committed to modernizing government operations through secure, verifiable digital and paper credentials while promoting sustainability.

Together, our organizations serve educational institutions and government agencies with trusted, secure credential management solutions that require the highest standards of data integrity, privacy, and compliance.

Environment:
Microsoft-based infrastructure using primarily Windows desktop OS and Windows Server with Office 365; primarily .NET web and desktop development utilizing a Microsoft SQL database back-end and limited use of Azure blob storage; integrations with Microsoft's Dynamics Navision, D365 systems, UPS WorldShip, ShipWise, and Endicia; a Palo Alto security network has been implemented.

Duties:

Information Security (60%)
- Monitor security alerts and respond to security incidents.
- Manage and tune security tools (SIEM, EDR, vulnerability scanners, etc.).
- Conduct regular vulnerability assessments and coordinate remediation efforts.
- Perform security log analysis and threat hunting activities.
- Maintain and improve security monitoring capabilities.
- Implement and maintain technical security controls across cloud and on-premise environments.
- Manage identity and access management (IAM) systems and enforce least privilege access.
- Configure and maintain security tools including firewalls, endpoint protection, and MFA.
- Oversee patch management and vulnerability remediation processes.
- Implement data protection controls including encryption and DLP measures.
- Review and harden system configurations across AWS/GCP/Azure environments.
- Conduct security reviews of new systems, applications, and infrastructure changes.
- Develop and maintain security baselines and hardening standards.
- Support secure software development practices and DevSecOps initiatives.
- Evaluate and recommend security technologies and tools.
- Serve as primary responder for security incidents.
- Conduct initial triage, containment, and investigation of security events.
- Document incidents and coordinate response activities.
- Develop and maintain incident response playbooks.
- Participate in post-incident reviews and implement lessons learned.

SOC 2 Compliance & GRC (40%)
- Own day-to-day management of the SOC 2 Type II compliance program.
- Coordinate annual SOC 2 audits from planning through completion.
- Manage relationships with external auditors and assessors.
- Collect, organize, and maintain compliance evidence throughout the audit period.
- Track and remediate audit findings and control deficiencies.
- Test security controls regularly to ensure effectiveness for both security and compliance.
- Maintain control documentation, policies, and procedures.
- Map security controls to the SOC 2 Trust Services Criteria.
- Document control evidence in a clear, audit-ready format.
- Identify control gaps and implement solutions.
- Partner with Engineering, IT, Product, and Operations on security and compliance requirements.
- Serve as primary contact for security and compliance questions.
- Work with vendors to assess security posture and obtain compliance documentation.
- Coordinate security and compliance activities across Paradigm and @Gov.
- Develop and deliver security awareness training to employees.
- Create and maintain security and compliance resources.
- Onboard new employees on security practices and compliance requirements.
- Run phishing simulations and security awareness campaigns.
- Provide regular updates to leadership on security posture and compliance status.
- Prepare security metrics, compliance dashboards, and management reports.
- Communicate security incidents and compliance updates to stakeholders.
- Present audit results and remediation plans to leadership.

Required Qualifications/Skills:
- Bachelor's degree in Computer Science, Information Security, Information Technology, or a related field (or equivalent experience).
- 4-7 years of experience in information security, with at least 2 years involving compliance or audit activities.
- Hands-on experience with SOC 2 audits; must have participated in at least 2 complete audit cycles.
- Strong technical background with cloud security (AWS, GCP, or Azure).
- Experience implementing and managing security tools (SIEM, EDR, vulnerability management, etc.).
- Understanding of security frameworks and standards (NIST CSF, CIS Controls, SOC 2 TSC).
- Proficiency with security technologies: firewalls, IDS/IPS, endpoint protection, SIEM, IAM.
- Strong knowledge of network security, system hardening, and secure configurations.
- Experience with incident response and security investigations.
- Excellent documentation and communication skills.
- Ability to read, process, and follow written directions and procedures.
- Ability to maintain routine and predictability in a dynamic and open-office environment.
- Ability to work in concert with a team or independently, with or without direct supervision/guidance as needed.
- Ability to self-manage and multi-task while making fact-based or historically valid and justifiable decisions.
- Ability to consistently comply with established procedures, rules, and regulations.
- Reliable transportation for timely work attendance.
- This is primarily an office-based job that may require sitting for extended periods of time working on a computer.
- Must be able to lift up to 15 pounds at times.
- Physically able to bend/kneel/walk/stand, in tandem with carts, stepstools, or rolling ladders, to access supplies and various works in progress or other materials as needed in storage rooms or production areas.
- Good vision, with or without corrective lenses, in order to sustain adequate visual focus over a period of time.

Preferred Qualifications:
- Security certifications such as Security+, CISSP, SSCP, or CEH.
- Compliance certifications such as CISA, CRISC, or ISO 27001 Lead Auditor.
- Experience with GRC platforms (Drata, Vanta, Secureframe, ServiceNow GRC, or similar).
- Scripting/automation skills (Python, PowerShell, Bash).
- Experience with Infrastructure as Code (Terraform, CloudFormation).
- Knowledge of container security (Docker, Kubernetes).
- Familiarity with DevSecOps practices and CI/CD security.
- Experience in technology startups, SaaS, or fast-paced environments.
- Background in government contracting or blockchain/crypto industries (nice to have).

Technical Skills:
- Cloud Platforms: AWS, GCP, or Azure security services and best practices.
- Security Tools: SIEM (Splunk, ELK, Chronicle), EDR (CrowdStrike, SentinelOne), vulnerability scanners (Nessus, Qualys).
- Operating Systems: Linux and Windows security hardening.
- Networking: Firewalls, VPNs, network segmentation, zero trust concepts.
- Identity & Access: SSO, MFA, IAM, privileged access management.
- Compliance: SOC 2 frameworks, control testing methodologies.
- Documentation: Technical writing, policy development, runbook creation.

Skills and Competencies:
- Technical Expertise: Strong hands-on security skills combined with compliance knowledge.
- Problem-Solver: Able to troubleshoot security issues and find practical solutions.
- Detail-Oriented: Meticulous with documentation and evidence collection.
- Communicator: Can explain technical security concepts to non-technical audiences.
- Self-Starter: Works independently and takes ownership of security and compliance.
- Collaborative: Builds relationships across teams and influences without authority.
- Adaptable: Comfortable in a fast-paced environment, balancing security and business needs.
- Continuous Learner: Stays current on security threats and compliance requirements.

Compensation and Benefits:
- Competitive wage with opportunities for advancement
- Medical, dental, and vision insurance based upon length-of-service qualifications
- Retirement plan available based upon length-of-service qualifications
- Paid sick and annual leave
- Paid holidays

Additional Information and Signature:
A positive attitude, proven work ethic, and a desire to learn and surpass expectations are what you will find in our employees. We seek hard workers who possess the same ambition, attitude, integrity, desire, and required skills to join our team. Simply stated, we want you to be successful: we therefore make every effort to quantify a candidate's suitability before an offer of employment is extended. Hence, interviewing at @Gov and Paradigm is a multi-stage process. This can include multiple site visits, question-and-answer panels, skills assessments, and behavioral assessments. Prior to starting employment, successful candidates must pass a drug or illegal substance screening and are subject to a national criminal background check.