Verified Employer Hiring Fast Featured Role

Senior Network & Security Engineer

Heirs Technologies verified
flag
Location
location_on -
Work Model
home_work hybrid
Job Type
work Full-time
External Interest
open_in_new 0 clicks
Salary
payments Competitive

Intelligence Match

Match: ??%

rocket_launch
Skills Match 87%
Experience Match 88%
Portfolio Match 84%
lock

Unlock Your Personalized Match

Sign in to see your exact score breakdown and personalized insights.

Sign In

Team Tagline

No Tagline provided.

About the role

As Senior Network & Security Engineer, you will design, build, and operate the network and security architecture that keeps this platform private, resilient, and impenetrable. You will own the platform's private cloud networking, zero-trust enforcement, perimeter security controls, and network-level threat monitoring — working closely with the Platform Manager and Platform Manager (Security) to ensure that every layer of the network is hardened, observable, and compliant. On a banking platform built for continental scale, the network is the first line of defence — and you own it.

Required Skills

AWS Docker Google Cloud (GCP) Linux Shell Scripting GitHub Actions Cloudflare SIEM

Preferred Skills

Kubernetes Penetration Testing Identity & Access Mgt Ansible Datadog Ethical Hacking Incident Response

Responsibilities

  • Network Architecture — Design and own the platform's end-to-end network architecture — defining the topology, segmentation model, and connectivity principles that govern how AWS, Azure, and on-premises environments interrelate and how traffic flows securely across all of them. Translate architectural decisions into a clean, scalable IP addressing strategy: plan and allocate CIDR blocks across both clouds with no overlapping ranges, room to grow, and dedicated subnets for containers, servers, storage, and management. Front and backend assets must be cleanly separated at the network layer. No internal service is ever publicly addressable. All architecture decisions must be documented, reviewed as the platform scales, and reflected in version-controlled infrastructure code.
  • Network Engineering — Own the hands-on engineering and operation of the platform's network infrastructure across cloud and on-premises environments — including routing configuration, switching, firewall policy management, VPN setup, and on-premises edge device configuration (FortiGate, Cisco Nexus 9000). All network infrastructure must be written as clean, well-structured, and peer-reviewed code using Terraform, Ansible, and Bash — covering VNets, subnets, NSGs, routing rules, firewall policies, and VPN gateways. All configurations must be version-controlled and stored in the central repository. No network change may ever be applied manually to any environment. Integrate network security checks into CI/CD pipelines and work with DevSecOps engineers to ensure no environment is ever provisioned with misconfigured or insecure network settings.
  • Zero Trust Enforcement — Implement and enforce zero-trust principles across the entire platform — no implicit trust anywhere. Every request must be authenticated, authorised, and logged. Every network path must be explicitly permitted; everything else is denied by default. Continuously identify and close trust gaps across all environments.
  • Perimeter & Firewall Security — Own and operate the platform's security boundaries — from the outermost perimeter to internal network segmentation. Externally: the only permitted internet entry point is Cloudflare DDoS protection → WAF → API Gateway; ensure DDoS rules, WAF policies, and API Gateway configurations are current, tested, and enforced as code. Internally: own all firewall and NSG rules across cloud and on-premises environments — all policies must be defined exclusively via Infrastructure as Code, version-controlled, and subject to regular rule reviews to eliminate unnecessary access paths and enforce least-privilege networking. No manual firewall or NSG change is ever permitted.
  • Cloud Network Security & Encryption — Configure and maintain cloud-native network security controls across AWS and Azure — including Security Groups, Network ACLs, AWS Network Firewall, and Azure Firewall. Ensure no cloud storage, database, or service is ever inadvertently exposed to the public internet. Enforce TLS 1.2+ across all services and connections in transit — TLS 1.0 and 1.1 are prohibited. Own the certificate lifecycle — provisioning, renewal, rotation, and revocation — ensuring no expired or weak certificate ever reaches production.
  • Hybrid & Site-to-Site Connectivity — Design, implement, and maintain highly available, redundant connectivity between the platform's cloud environments and on-premises data centres — using AWS Direct Connect, Azure ExpressRoute, and IPSec VPN Gateways as appropriate. Ensure failover paths are in place, tested, and documented so that loss of any single link does not interrupt connectivity to core banking systems. All site-to-site links must be encrypted, monitored, and governed as code.
  • VPN & Admin Access Controls — Design and operate the platform's JumpNet and VPN infrastructure — the only permitted route for admin access to production environments. No exceptions. Enforce MFA on all VPN access and ensure all privileged sessions are logged and monitored.
  • Global Traffic Management — Design and operate the platform's global traffic management layer — ensuring user traffic is intelligently distributed across AWS and Azure based on latency, availability, and health. Implement and maintain AWS Route 53 / Global Accelerator and Azure Traffic Manager / Front Door to route users seamlessly between clouds, with automatic failover when either environment degrades. Ensure no single cloud environment is a single point of failure for end-user traffic.
  • Threat Detection & Network Monitoring — Design, implement, and operate the platform's centralised network monitoring and threat detection infrastructure — providing real-time visibility into device health, link utilisation, traffic flows, and anomalies across both cloud and on-premises environments. Working closely with the Platform Manager and Platform Manager (Security), implement IDS/IPS, anomaly detection, and traffic analysis tooling. Ensure all network telemetry feeds into the SIEM with alerting tuned for abnormal traffic volumes, lateral movement, port scanning, unauthorised connections, and attempts to bypass network controls or disable logging. No network event goes undetected or unacted upon.
  • Incident Response — Act as the first responder for network-level security incidents — including containment, isolation, forensic evidence preservation, and root cause analysis. Contribute to the platform's Incident Response Plan and ensure network runbooks are documented, tested, and current.
  • Documentation & Asset Management — Maintain accurate, up-to-date network design documentation at all times. Own a centralised, version-controlled inventory of all core network assets — including device configurations, IP allocations, CIDR assignments, VLAN maps, and topology diagrams. All infrastructure code and key network documentation must live in a central, secure, version-controlled repository — always current, always accessible, and ready for audit or incident response at any time.
security

Job Application Safety Disclaimer

Your security and privacy are our top priorities. Please be aware that InStreamIQ will never ask you to pay any fees for job applications, placements, or training as a condition of employment.

Furthermore, legitimate employers will not ask for sensitive personal identification such as your Bank Verification Number (BVN), National Identification Number (NIN), or Passport details during the initial application phase. Do not share financial information or make any payments to individuals or organizations claiming to represent an employer. If you encounter any suspicious requests, please report the listing immediately via our support channels.

fact_check

Confirm Application & Data Sharing

By proceeding, you consent to sharing your InStreamIQ professional profile with Heirs Technologies for the purpose of applying for the Senior Network & Security Engineer position.

Shared data includes your: Email address, Work Experiences, Educational Background, Technical Skills, and Portfolio Projects.

This information is shared exclusively for this specific candidacy. You can manage your privacy settings in your dashboard.

exit_to_app

Leaving InStreamIQ

You are moving to an external platform to complete your application. Please note that InStreamIQ is not responsible for the data security or privacy practices of third-party websites.

Safety Reminder: Do not share highly sensitive information like BVN, NIN, or make any form of payment on external sites.

By clicking 'Continue', you acknowledge that you are proceeding at your own discretion to the employer's chosen platform.