Intelligence Match
Match: ??%
Unlock Your Personalized Match
Sign in to see your exact score breakdown and personalized insights.
Team Tagline
About the role
Heirs Technologies is the technology subsidiary of Heirs Holdings, Africa's leading investment holding company. We are building a next-generation digital banking platform for one of Africa's largest financial institutions — a product built to serve 15 million users at launch, scaling to hundreds of millions across the continent and diaspora. This is a once-in-a-generation opportunity to work on infrastructure that will define how Africa transacts, saves, and grows.
As a Senior Cloud Engineer, you will be a hands-on builder of the cloud infrastructure that powers Africa's most ambitious digital banking platform. You will design, provision, and operate a dual-cloud environment across AWS and Azure — ensuring it is always on, highly secure, infinitely scalable, and built entirely in code.
Required Skills
Preferred Skills
Responsibilities
- Dual-Cloud Infrastructure — Design, provision, and maintain production-grade cloud infrastructure across both AWS and Azure — ensuring both environments mirror each other in architecture, connect reliably to the institution's on-premises Core Banking systems, and operate with no single point of vendor dependency.
- Infrastructure as Code — Define every environment — dev, staging, and production — in version-controlled IaC. Terraform, Ansible, and Bash are the approved tools for infrastructure provisioning and automation. No manual cloud provisioning. All environments must be reproducible, auditable, and spun up on demand.
- High Availability & Resilience — Architect and maintain highly available configurations across all services, databases, middleware, and storage — targeting 99.99% platform uptime. Implement circuit breakers, retry logic, auto-scaling, and graceful fallbacks so users never feel a backend failure.
- Private Networking & Zero Trust — Own the platform's private network architecture — ensuring every cloud environment is isolated, segmented, and built on the principle that no internal service is ever publicly reachable. Design and maintain the full private networking stack across AWS and Azure: VNets, dedicated subnets, NSGs, private DNS, and private endpoints for all managed services. Enforce zero-trust principles across all internal communication — no implicit trust, every request authenticated and authorised. Public internet exposure is limited strictly to approved entry points: Cloudflare DDoS → WAF → API Gateway.
- Auto-Scaling & Cost Efficiency — Own the platform's approach to scalability and cloud cost efficiency — ensuring infrastructure responds dynamically to demand and never carries unnecessary cost. Configure services to scale to zero at idle and scale out at peak without manual intervention. Continuously monitor and optimise cloud resource consumption — ensuring no environment is over-provisioned and every element of platform spend is lean and justified.
- Managed Services & Platform Stack — Provision and operate the platform's managed cloud services — including PostgreSQL (Azure Database for PostgreSQL, Amazon RDS/Aurora), Apache Cassandra (Azure Managed Instance, Amazon Keyspaces), Redis, RabbitMQ/Azure Service Bus/Amazon SQS, and Kong API Gateway.
- Secrets & Key Management — Manage all secrets, certificates, and encryption keys through Azure Key Vault, AWS Secrets Manager, or equivalent secrets management platform. Enforce rotation schedules. Ensure no credential is ever hardcoded in application code, configuration files, or container images.
- Security & Compliance — Implement and maintain cloud security controls — including AES-256 encryption at rest, TLS 1.2+ in transit, DLP monitoring for abnormal data transfer and unauthorised export, and alerting on policy changes or attempts to disable logging. Contribute to PCI DSS and CBN compliance posture.
- Observability — Instrument cloud infrastructure with centralised logging, metrics, and alerting from day one. Ensure every layer of the infrastructure stack is fully visible — no blind spots in production.
- CI/CD Integration — Integrate cloud infrastructure provisioning into DevSecOps pipelines — ensuring infrastructure changes flow through the same automated, security-gated pipelines as application code.
Job Application Safety Disclaimer
Your security and privacy are our top priorities. Please be aware that InStreamIQ will never ask you to pay any fees for job applications, placements, or training as a condition of employment.
Furthermore, legitimate employers will not ask for sensitive personal identification such as your Bank Verification Number (BVN), National Identification Number (NIN), or Passport details during the initial application phase. Do not share financial information or make any payments to individuals or organizations claiming to represent an employer. If you encounter any suspicious requests, please report the listing immediately via our support channels.