Verified Employer Hiring Fast Featured Role

Senior Network & Security Engineer

Heirs Technologies verified
flag
Location
location_on -
Work Model
home_work onsite
0% Remote · 100% Hybrid · 0% On-site
Job Type
work Full-time
External Interest
open_in_new 0 clicks
Salary
payments Competitive

Intelligence Match

Match: ??%

rocket_launch
Skills Match 87%
Experience Match 88%
Portfolio Match 84%
lock

Unlock Your Personalized Match

Sign in to see your exact score breakdown and personalized insights.

Sign In

Team Tagline

No Tagline provided.

About the role

As Senior Network & Security Engineer, you will design, build, and operate the network and security architecture that keeps this platform private, resilient, and impenetrable. You will own the platform's private cloud networking, zero-trust enforcement, perimeter security controls, and network-level threat monitoring, working closely with the Platform Manager and Platform Manager (Security) to ensure every layer of the network is hardened, observable, and compliant. On a banking platform built for continental scale, the network is the first line of defence, and you own it.

Responsibilities

  • Network Architecture: Design and own the platform's end-to-end network architecture, defining topology, segmentation, and connectivity across AWS, Azure, and on-premises environments. Plan a scalable IP addressing strategy with non-overlapping CIDR blocks and dedicated subnets for containers, servers, storage, and management. Front and backend assets must be cleanly separated; no internal service is ever publicly addressable. All decisions must be documented and reflected in version-controlled infrastructure code.
  • Network Engineering: Own hands-on engineering of network infrastructure across cloud and on-premises environments, including routing, switching, firewall policy management, VPN setup, and on-premises edge devices (FortiGate, Cisco Nexus 9000). All infrastructure must be written as peer-reviewed code (Terraform, Ansible, Bash), version-controlled, with network security checks integrated into CI/CD. No manual changes to any environment are permitted.
  • Zero Trust Enforcement: Implement zero-trust principles platform-wide, no implicit trust anywhere. Every request must be authenticated, authorised, and logged; every network path explicitly permitted, everything else denied by default. Continuously identify and close trust gaps.
  • Perimeter & Firewall Security: Own the platform's security boundaries end to end. Externally, the only permitted internet entry point is Cloudflare DDoS protection, WAF, then API Gateway, with rules and configurations tested and enforced as code. Internally, own all firewall and NSG rules across cloud and on-premises environments, defined exclusively via IaC, version-controlled, and regularly reviewed for least-privilege access. No manual firewall or NSG changes are permitted.
  • Cloud Network Security & Encryption: Configure and maintain cloud-native network security controls across AWS and Azure, including Security Groups, Network ACLs, AWS Network Firewall, and Azure Firewall. Ensure no storage, database, or service is ever inadvertently exposed to the internet. Enforce TLS 1.2+ everywhere (TLS 1.0/1.1 prohibited) and own the full certificate lifecycle.
  • Hybrid & Site-to-Site Connectivity: Design and maintain highly available, redundant connectivity between cloud and on-premises data centres using AWS Direct Connect, Azure ExpressRoute, and IPSec VPN Gateways. Ensure tested failover paths so no single link interrupts core banking connectivity. All links must be encrypted, monitored, and governed as code.
  • VPN & Admin Access Controls: Design and operate the platform's JumpNet and VPN infrastructure, the only permitted route for admin access to production, with no exceptions. Enforce MFA on all VPN access and log/monitor all privileged sessions.
  • Global Traffic Management: Design and operate global traffic management ensuring user traffic is intelligently distributed across AWS and Azure based on latency, availability, and health, using Route 53/Global Accelerator and Azure Traffic Manager/Front Door with automatic failover. No single cloud environment should be a point of failure.
  • Threat Detection & Network Monitoring: Design and operate centralised network monitoring and threat detection, providing real-time visibility into device health, link utilisation, traffic flows, and anomalies. Implement IDS/IPS, anomaly detection, and traffic analysis tooling, feeding all telemetry into the SIEM with alerting tuned for lateral movement, port scanning, unauthorised connections, and control-bypass attempts. No network event goes undetected or unacted upon.
  • Incident Response: Act as first responder for network-level security incidents, including containment, isolation, forensic evidence preservation, and root cause analysis. Contribute to the Incident Response Plan and keep network runbooks documented and tested.
  • Documentation & Asset Management: Maintain accurate, up-to-date network documentation and a version-controlled inventory of core network assets, including device configs, IP allocations, CIDR assignments, VLAN maps, and topology diagrams, always audit-ready.
security

Job Application Safety Disclaimer

Your security and privacy are our top priorities. Please be aware that InStreamIQ will never ask you to pay any fees for job applications, placements, or training as a condition of employment.

Furthermore, legitimate employers will not ask for sensitive personal identification such as your Bank Verification Number (BVN), National Identification Number (NIN), or Passport details during the initial application phase. Do not share financial information or make any payments to individuals or organizations claiming to represent an employer. If you encounter any suspicious requests, please report the listing immediately via our support channels.

fact_check

Confirm Application & Data Sharing

By proceeding, you consent to sharing your InStreamIQ professional profile with Heirs Technologies for the purpose of applying for the Senior Network & Security Engineer position.

Shared data includes your: Email address, Work Experiences, Educational Background, Technical Skills, and Portfolio Projects.

This information is shared exclusively for this specific candidacy. You can manage your privacy settings in your dashboard.

exit_to_app

Leaving InStreamIQ

You are moving to an external platform to complete your application. Please note that InStreamIQ is not responsible for the data security or privacy practices of third-party websites.

Safety Reminder: Do not share highly sensitive information like BVN, NIN, or make any form of payment on external sites.

By clicking 'Continue', you acknowledge that you are proceeding at your own discretion to the employer's chosen platform.