Security and Compliance Engineer jobs in United States

Paradigm, Incorporated · 10 hours ago

Security and Compliance Engineer

Paradigm, Incorporated is a leading credentialing services provider with over 34 years of experience. They are seeking a Security and Compliance Engineer to manage their information security program and SOC 2 compliance, focusing on implementing security controls and ensuring compliance requirements are met.
Education, Manufacturing, Printing
No H1B

Responsibilities

Monitor security alerts and respond to security incidents
Manage and tune security tools (SIEM, EDR, vulnerability scanners, etc.)
Conduct regular vulnerability assessments and coordinate remediation efforts
Perform security log analysis and threat hunting activities
Maintain and improve security monitoring capabilities
Implement and maintain technical security controls across cloud and on-premise environments
Manage identity and access management (IAM) systems and enforce least privilege access
Configure and maintain security tools including firewalls, endpoint protection, and MFA
Oversee patch management and vulnerability remediation processes
Implement data protection controls including encryption and DLP measures
Review and harden system configurations across AWS/GCP/Azure environments
Conduct security reviews of new systems, applications, and infrastructure changes
Develop and maintain security baselines and hardening standards
Support secure software development practices and DevSecOps initiatives
Evaluate and recommend security technologies and tools
Serve as primary responder for security incidents
Conduct initial triage, containment, and investigation of security events
Document incidents and coordinate response activities
Develop and maintain incident response playbooks
Participate in post-incident reviews and implement lessons learned
Own day-to-day management of SOC 2 Type II compliance program
Coordinate annual SOC 2 audits from planning through completion
Manage relationships with external auditors and assessors
Collect, organize, and maintain compliance evidence throughout the audit period
Track and remediate audit findings and control deficiencies
Test security controls regularly to ensure effectiveness for both security and compliance
Maintain control documentation, policies, and procedures
Map security controls to SOC 2 Trust Service Criteria
Document control evidence in a clear, audit-ready format
Identify control gaps and implement solutions
Partner with Engineering, IT, Product, and Operations on security and compliance requirements
Serve as primary contact for security and compliance questions
Work with vendors to assess security posture and obtain compliance documentation
Coordinate security and compliance activities across Paradigm and @Gov
Develop and deliver security awareness training to employees
Create and maintain security and compliance resources
Onboard new employees on security practices and compliance requirements
Run phishing simulations and security awareness campaigns
Provide regular updates to leadership on security posture and compliance status
Prepare security metrics, compliance dashboards, and management reports
Communicate security incidents and compliance updates to stakeholders
Present audit results and remediation plans to leadership

Qualification

SOC 2 audits, Cloud security, Security tools management, Incident response, Security frameworks, Security technologies, Network security, Documentation skills, Scripting skills, GRC platforms, DevSecOps practices, Technical writing, Collaboration, Problem-solving, Adaptability

Required

Bachelor's degree in Computer Science, Information Security, Information Technology, or related field (or equivalent experience)
4-7 years of experience in information security, with at least 2 years involving compliance or audit activities
Hands-on experience with SOC 2 audits – must have participated in at least 2 complete audit cycles
Strong technical background with cloud security (AWS, GCP, or Azure)
Experience implementing and managing security tools (SIEM, EDR, vulnerability management, etc.)
Understanding of security frameworks and standards (NIST CSF, CIS Controls, SOC 2 TSC)
Proficiency with security technologies: firewalls, IDS/IPS, endpoint protections, SIEM, IAM
Strong knowledge of network security, system hardening, and secure configurations
Experience with incident response and security investigations
Excellent documentation and communication skills
Ability to read, process, and follow written directions and procedures
Ability to maintain routine and predictability in a dynamic and open-office environment
Ability to work in concert with a team or independently, with or without direct supervision/guidance as needed
Ability to self-manage and multi-task while making fact-based or historically valid and justifiable decisions
Ability to consistently comply with established procedures, rules, and regulations
Reliable transportation for timely work attendance
This is primarily an office-based job that may require sitting for extended periods of time working on a computer
Must be able to lift up to 15 pounds at times
Physically able to bend/kneel/walk/stand, in tandem with cart, stepstools, or rolling ladders, to access supplies and various works in progress or other materials as needed in storage rooms or production areas
Good vision, with or without corrective lenses, in order to sustain adequate visual focus over a period of time

Preferred

Security certifications such as Security+, CISSP, SSCP, or CEH
Compliance certifications such as CISA, CRISC, or ISO 27001 Lead Auditor
Experience with GRC platforms (Drata, Vanta, Secureframe, ServiceNow GRC, or similar)
Scripting/automation skills (Python, PowerShell, Bash)
Experience with Infrastructure as Code (Terraform, CloudFormation)
Knowledge of container security (Docker, Kubernetes)
Familiarity with DevSecOps practices and CI/CD security
Experience in technology startups, SaaS, or fast-paced environments
Background in government contracting or blockchain/crypto industries (nice to have)

Benefits

Medical, dental and vision insurance based upon length of service qualifications
Retirement plan available based upon length of service qualifications
Paid sick- and annual-leave
Paid holidays

Company

Paradigm, Incorporated

Paradigm, Inc.

Funding

Current Stage
Growth Stage

Leadership Team

Christopher Jackson
Co-Founder/CEO
Thomas Black
Chief Innovation Officer
Company data provided by crunchbase