Principal Infrastructure Engineer

Position Overview

We are seeking a hands-on Principal Infrastructure Engineer to serve as the senior technical authority for infrastructure across Paradigm and @Gov. Reporting to the Chief Information Officer, this senior individual contributor role will own the most complex infrastructure engineering, troubleshooting, assessment, and architecture work across two segmented environments. The successful candidate will be the tier 3 escalation point for complex issues spanning network, security, virtualization, identity, cloud, ERP, backup, monitoring, and application infrastructure.

This role is ideal for an active practitioner who can assess inherited infrastructure, identify technical debt and security gaps, design a scalable and resilient future state, and execute the roadmap needed to support business growth, FedRAMP readiness, and future cloud migration. This is not a people-management position; however, the role is expected to mentor administrators, strengthen operational processes, and improve documentation and knowledge transfer across the IT team.

This is a full-time, exempt position based in Virginia Beach, Virginia, with a hybrid work arrangement.

About Us

Paradigm, Inc. is a leading credentialing services provider with over 34 years of experience delivering printed and digital diplomas, certificates, and comprehensive learner records to higher education institutions. As a SOC2 Type II certified organization, we pride ourselves on integrity, security, and exceptional service.

@Gov, Inc. is a next-generation platform provider specializing in government credential solutions, including digital apostilles and vital records management for state agencies. We are committed to modernizing government operations through secure, verifiable digital and paper credentials while promoting sustainability.

Together, our organizations serve educational institutions and government agencies with trusted, secure credential management solutions that require the highest standards of infrastructure reliability, information security, data integrity, privacy, and compliance.

Environment

Microsoft-based infrastructure using primarily Windows desktop OS and Windows Server with Office 365; primarily .Net web and desktop development utilizing Microsoft SQL database back-end and limited use of Azure blob storage; integrations with Microsoft’s Dynamics Navision, D365 systems, UPS WorldShip, ShipWise, and Endicia; Palo Alto security network has been implemented.

Key Responsibilities

Infrastructure Architecture & Strategy

• Assess the current Paradigm and @Gov infrastructure environments, including network segmentation, firewall policy, Active Directory forests, VMware vSphere, Azure, Microsoft 365, Dynamics, backup, monitoring, DNS/CDN, and certificate management.
• Design and maintain secure, scalable, and resilient infrastructure architectures that support credentialing, apostille, vital records, and government services platforms.
• Create prioritized remediation plans for misconfigurations, single points of failure, capacity constraints, technical debt, and operational risk.
• Develop target-state architecture and transition plans for Paradigm's hybrid environment and @Gov's post-FedRAMP cloud migration path.
• Recommend improvements to tooling, automation, vendor relationships, licensing, and infrastructure processes where they improve maturity, resilience, security, or cost efficiency.

Tier 3 Escalation & Complex Problem Resolution

• Serve as the senior escalation resource for complex incidents that span multiple infrastructure domains or exceed the capabilities of day-to-day administration.
• Diagnose and resolve production issues end-to-end across Palo Alto firewalls, VMware vSphere, Active Directory and Entra ID, Azure services, Dynamics environments, email deliverability, backups, monitoring, and application infrastructure.
• Lead high-severity incident response, coordinate with infrastructure, development, QA, business stakeholders, and vendors, and drive root-cause analysis and post-incident remediation.
• Build and maintain runbooks, escalation procedures, architecture diagrams, and post-mortem templates that improve response consistency and team capability.

Network, Security & Identity

• Administer and optimize Palo Alto next-generation firewall configurations, including security policies, NAT rules, threat prevention, URL filtering, GlobalProtect VPN, and inter-network access controls.
• Manage network switching, routing, VLANs, VPNs, load balancers, DNS, DHCP, and related physical and virtual network infrastructure across segmented environments.
• Serve as a senior authority for separate Active Directory forests and domains, including domain controllers, replication, Group Policy, DNS/DHCP, OU design, trusts, and hybrid identity patterns.
• Manage Paradigm's Azure/Entra ID hybrid identity, Microsoft 365 administration, conditional access, SSO, MFA, privileged access controls, and user lifecycle processes.
• Harden infrastructure in alignment with SOC2, NIST, government security requirements, and FedRAMP readiness expectations for @Gov.

Virtualization, Cloud & Systems Operations

• Administer and improve VMware vSphere environments, including ESXi, vCenter, HA/DRS, vMotion, resource management, VM networking, templates, upgrades, storage, and performance tuning.
• Administer Azure infrastructure for Paradigm, including compute, networking, storage, subscriptions, identity services, monitoring, and hybrid connectivity with on-premises systems.
• Plan @Gov's future migration from fully on-premises infrastructure to Azure once FedRAMP certification objectives are met.
• Implement automation and infrastructure-as-code practices using tools such as Terraform, Ansible, PowerShell, or similar platforms.
• Maintain server hardware, operating systems, patching, rack/data-center coordination, UPS, and supporting infrastructure needed for reliable operations.

Business Applications, Monitoring & Disaster Recovery

• Support infrastructure for Microsoft Dynamics Business Central and NAV environments, including server administration, SQL Server coordination, performance, availability, backups, and change windows.
• Manage and improve monitoring and observability using tools such as Dynatrace, SolarWinds, Netwrix, and related alerting/reporting platforms.
• Manage Veeam backup and recovery capabilities, including job configuration, retention, restore testing, disaster recovery documentation, and recoverability validation for critical systems.
• Administer supporting platforms such as Cloudflare, GlobalSign certificates, SendGrid, CodeTwo, Jscape, Files.com, Dropbox, LastPass, and collaboration tools as needed.
• Map critical workflows and dataflows across edge, firewall, application, database, ERP, identity, and cloud layers to identify dependencies, bottlenecks, and operational risks.

Collaboration, Documentation & Mentorship

• Partner with software engineering, QA, finance, operations, product, and executive stakeholders to align infrastructure decisions with business needs and customer commitments.
• Participate in change control, release planning, audit support, and compliance documentation with attention to cross-system and cross-network impacts.
• Mentor systems administrators through pairing, documentation, architecture reviews, and hands-on knowledge transfer without assuming direct people-management responsibilities.
• Identify team skill gaps and recommend training, certifications, and process improvements that raise the technical capability of the IT organization.

Qualifications

Required Experience:

• Bachelor's degree in Computer Science, Information Systems, Engineering, Cybersecurity, or related field; equivalent professional experience may be considered.
• 10+ years of hands-on experience across infrastructure engineering, systems administration, network engineering, cloud engineering, and/or security engineering.
• Demonstrated ability to independently diagnose and resolve complex multi-layer infrastructure problems across network, security, virtualization, identity, cloud, and application layers.
• Deep production experience with VMware vSphere, including ESXi, vCenter, vMotion, HA/DRS, storage, distributed networking, lifecycle management, and performance troubleshooting.
• Strong experience with Palo Alto Networks firewalls, including policy design, NAT, threat prevention, VPN/GlobalProtect, segmentation, and Panorama or equivalent management.
• Deep knowledge of Active Directory architecture and administration, including multi-forest environments, Group Policy, replication, DNS/DHCP, trusts, and hybrid identity with Microsoft Entra ID.
• Hands-on experience with Microsoft Azure infrastructure, hybrid architectures, Microsoft 365 administration, Exchange Online, Teams, SharePoint, conditional access, and MFA.
• Experience with backup, disaster recovery, and restore validation using Veeam or similar enterprise backup platforms.
• Strong understanding of networking fundamentals, including TCP/IP, VLANs, routing, switching, VPNs, load balancers, DNS, certificates, CDN/edge services, and email authentication such as SPF, DKIM, and DMARC.
• Experience supporting Windows Server and Linux environments, patch management, system hardening, monitoring, and operational documentation.
• Working knowledge of compliance and security frameworks such as SOC2, NIST, and FedRAMP, especially as they relate to infrastructure controls and cloud readiness.
• Strong written and verbal communication skills, including the ability to produce clear documentation, explain technical risk, and communicate effectively with technical teams, business stakeholders, and executive leadership.

Preferred Experience:

• Direct experience preparing environments for FedRAMP authorization, including control implementation, system security plan support, POA&M remediation, and 3PAO coordination.
• Experience planning or executing cloud migrations from on-premises VMware environments to Azure in regulated or government-adjacent environments.
• Experience administering Microsoft Dynamics Business Central and/or Dynamics NAV, including on-premises deployments and SQL Server coordination.
• Experience with Dynatrace, SolarWinds, Netwrix, Cloudflare, SendGrid, CodeTwo, GlobalSign, LastPass, Jscape, Files.com, and similar infrastructure tools.
• Experience with CI/CD pipelines, GitHub, PowerShell, Python, Terraform, Ansible, or other automation and infrastructure-as-code tools.
• Certifications such as VMware VCP-DCV, Palo Alto PCNSA/PCNSE, Microsoft Azure Administrator (AZ-104), Azure Solutions Architect (AZ-305), Microsoft 365 Administrator, CompTIA Security+/CASP+, RHCSA/RHCE, or similar.
• Experience supporting education technology, credentialing platforms, government systems, apostille processes, vital records, StateRAMP, CJIS, FERPA, CCPA, GDPR, or similar privacy/compliance requirements.

Physical Requirements

• This is primarily an office-based job that may require sitting for extended periods of time working on a computer.
• Must be able to lift up to 25 pounds at times and occasionally assist with server, network, or office equipment movement.
• Good vision, with or without corrective lenses, to sustain adequate visual focus over a period of time.
• Fine motor skills, including full use and muscle control required to make precise hand movements for tasks requiring hand-eye coordination, muscle coordination, and dexterity.
• May occasionally require work outside normal business hours to support maintenance windows, critical incidents, system upgrades, or disaster recovery testing.

Compensation and Benefits

• Competitive salary range depending on experience and qualifications.
• Medical, dental, and vision insurance based upon length of service qualifications.
• Retirement plan available based upon length of service qualifications with company match.
• Paid sick leave, annual leave, and paid holidays.
• Professional development support, including training and certification sponsorship where aligned with business needs.
• Hybrid work environment based in Virginia Beach, Virginia, with opportunities to make a direct impact on secure credentialing and government services platforms.

Additional Information and Signature

A positive attitude, proven work ethic and a desire to learn and surpass expectations are what you will find in our employees. We seek hard workers who possess the same ambition, attitude, integrity, desire and required skills to join our team.

Simply stated, we want you to be successful; we therefore make every effort to quantify a candidate's suitability before an offer of employment is extended. Interviewing is a multi-stage process. This can include multiple site visits, question and answer panels, skill, and behavioral assessments.

Prior to starting employment, successful candidates must pass a drug or illegal substance screening and are subject to a national criminal background check. Your cooperation and full disclosure during these evaluations are strongly recommended.