Jobs Career Advice Post Job
X

Send this job to a friend

X

Did you notice an error or suspect this job is scam? Tell us.

  • Posted: Jul 6, 2026
    Deadline: Not specified
    • @gmail.com
    • @yahoo.com
    • @outlook.com
  • Heirs Holdings is an African proprietary investment company, with a track record of success and a firm belief in the opportunities that Africa offers. We are known for executing successful corporate turnarounds, and for our ability to identify growth opportunities, incubate new businesses and nurture them to maturity. As active investors, we aim to transform...
    Read more about this company

     

    Senior Network & Security Engineer

    The Role

    • As Senior Network & Security Engineer, you will design, build, and operate the network and security architecture that keeps this platform private, resilient, and impenetrable. You will own the platform's private cloud networking, zero-trust enforcement, perimeter security controls, and network-level threat monitoring — working closely with the Platform Manager and Platform Manager (Security) to ensure that every layer of the network is hardened, observable, and compliant. On a banking platform built for continental scale, the network is the first line of defence — and you own it.

    What You'll Do

    • Network Architecture — Design and own the platform's end-to-end network architecture — defining the topology, segmentation model, and connectivity principles that govern how AWS, Azure, and on-premises environments interrelate and how traffic flows securely across all of them. Translate architectural decisions into a clean, scalable IP addressing strategy: plan and allocate CIDR blocks across both clouds with no overlapping ranges, room to grow, and dedicated subnets for containers, servers, storage, and management. Front and backend assets must be cleanly separated at the network layer. No internal service is ever publicly addressable. All architecture decisions must be documented, reviewed as the platform scales, and reflected in version-controlled infrastructure code.
    • Network Engineering — Own the hands-on engineering and operation of the platform's network infrastructure across cloud and on-premises environments — including routing configuration, switching, firewall policy management, VPN setup, and on-premises edge device configuration (FortiGate, Cisco Nexus 9000). All network infrastructure must be written as clean, well-structured, and peer-reviewed code using Terraform, Ansible, and Bash — covering VNets, subnets, NSGs, routing rules, firewall policies, and VPN gateways. All configurations must be version-controlled and stored in the central repository. No network change may ever be applied manually to any environment. Integrate network security checks into CI/CD pipelines and work with DevSecOps engineers to ensure no environment is ever provisioned with misconfigured or insecure network settings.
    • Zero Trust Enforcement — Implement and enforce zero-trust principles across the entire platform — no implicit trust anywhere. Every request must be authenticated, authorised, and logged. Every network path must be explicitly permitted; everything else is denied by default. Continuously identify and close trust gaps across all environments.
    • Perimeter & Firewall Security — Own and operate the platform's security boundaries — from the outermost perimeter to internal network segmentation. Externally: the only permitted internet entry point is Cloudflare DDoS protection → WAF → API Gateway; ensure DDoS rules, WAF policies, and API Gateway configurations are current, tested, and enforced as code. Internally: own all firewall and NSG rules across cloud and on-premises environments — all policies must be defined exclusively via Infrastructure as Code, version-controlled, and subject to regular rule reviews to eliminate unnecessary access paths and enforce least-privilege networking. No manual firewall or NSG change is ever permitted.
    • Cloud Network Security & Encryption — Configure and maintain cloud-native network security controls across AWS and Azure — including Security Groups, Network ACLs, AWS Network Firewall, and Azure Firewall. Ensure no cloud storage, database, or service is ever inadvertently exposed to the public internet. Enforce TLS 1.2+ across all services and connections in transit — TLS 1.0 and 1.1 are prohibited. Own the certificate lifecycle — provisioning, renewal, rotation, and revocation — ensuring no expired or weak certificate ever reaches production.
    • Hybrid & Site-to-Site Connectivity — Design, implement, and maintain highly available, redundant connectivity between the platform's cloud environments and on-premises data centres — using AWS Direct Connect, Azure ExpressRoute, and IPSec VPN Gateways as appropriate. Ensure failover paths are in place, tested, and documented so that loss of any single link does not interrupt connectivity to core banking systems. All site-to-site links must be encrypted, monitored, and governed as code.
    • VPN & Admin Access Controls — Design and operate the platform's JumpNet and VPN infrastructure — the only permitted route for admin access to production environments. No exceptions. Enforce MFA on all VPN access and ensure all privileged sessions are logged and monitored.
    • Global Traffic Management — Design and operate the platform's global traffic management layer — ensuring user traffic is intelligently distributed across AWS and Azure based on latency, availability, and health. Implement and maintain AWS Route 53 / Global Accelerator and Azure Traffic Manager / Front Door to route users seamlessly between clouds, with automatic failover when either environment degrades. Ensure no single cloud environment is a single point of failure for end-user traffic.
    • Threat Detection & Network Monitoring — Design, implement, and operate the platform's centralised network monitoring and threat detection infrastructure — providing real-time visibility into device health, link utilisation, traffic flows, and anomalies across both cloud and on-premises environments. Working closely with the Platform Manager and Platform Manager (Security), implement IDS/IPS, anomaly detection, and traffic analysis tooling. Ensure all network telemetry feeds into the SIEM with alerting tuned for abnormal traffic volumes, lateral movement, port scanning, unauthorised connections, and attempts to bypass network controls or disable logging. No network event goes undetected or unacted upon.
    • Incident Response — Act as the first responder for network-level security incidents — including containment, isolation, forensic evidence preservation, and root cause analysis. Contribute to the platform's Incident Response Plan and ensure network runbooks are documented, tested, and current.
    • Documentation & Asset Management — Maintain accurate, up-to-date network design documentation at all times. Own a centralised, version-controlled inventory of all core network assets — including device configurations, IP allocations, CIDR assignments, VLAN maps, and topology diagrams. All infrastructure code and key network documentation must live in a central, secure, version-controlled repository — always current, always accessible, and ready for audit or incident response at any time.

    What We're Looking For

    Must Have

    • 5+ years of hands-on network and security engineering experience in a cloud-native production environment — with demonstrated ownership of private network architecture, zero-trust implementation, and perimeter security at scale.
    • Expert-level knowledge of cloud networking on AWS and/or Azure — VNets, subnets, NSGs, Security Groups, Network ACLs, private endpoints, private DNS, VPN Gateways, and Transit Gateways.
    • Hands-on experience with perimeter security tooling — Cloudflare (DDoS, WAF), API Gateway configuration (Kong or equivalent), and web application firewall rule management.
    • Strong working knowledge of zero-trust architecture — identity-aware proxies, microsegmentation, least-privilege network access, and continuous verification principles.
    • Proven experience with network threat detection and monitoring — IDS/IPS, SIEM integration, anomaly detection, and network forensics.
    • Expert-level knowledge of routing and switching protocols — BGP, OSPF, EIGRP, spanning tree, and VLAN trunking — and firewall and security concepts at depth. This is non-negotiable given the complexity of the platform's hybrid connectivity, site-to-site tunnels, and on-premises edge device configuration requirements.
    • Hands-on experience configuring and managing enterprise firewall and core switching platforms — specifically Fortinet FortiGate and Cisco Nexus 9000 series. The platform's on-premises core network runs these devices and this engineer will be expected to configure and manage them directly.
    • Solid Infrastructure as Code skills — Terraform, Ansible, and Bash — with a clear understanding that all network security controls must be version-controlled and never manually provisioned.
    • Active CCNP Security or CCNP Enterprise certification — or a recognised equivalent. Professional-level routing, switching, and security credentials are required given the hybrid connectivity and on-premises edge responsibilities of this role.

    Nice to Have

    • Fortinet NSE 4 or NSE 5 certification — relevant given the FortiGate firewall estate.
    • AWS Certified Security – Specialty and/or Microsoft Certified: Azure Network Engineer Associate (AZ-700).
    • Experience with container network security — Kubernetes network policies, service mesh (Istio or equivalent), and east-west traffic control.
    • Hands-on experience with network security in regulated financial services environments — PCI DSS network segmentation requirements, CBN guidelines, or equivalent.
    • Familiarity with SIEM platforms (Splunk, Microsoft Sentinel, or equivalent) and experience writing detection rules or correlation queries for network-based threats.

    Check how your CV aligns with this job

    Method of Application

    Interested and qualified? Go to Heirs Holdings on heirs-technologies.breezy.hr to apply

    Build your CV for free. Download in different templates.

  • Send your application

    View All Vacancies at Heirs Holdings Back To Home
View Hot Nigerian Jobs Today »

Career Advice

View All Career Advice
 

Subscribe to Job Alert

 

Join our happy subscribers

 
 
 
Send your application through

GmailGmail YahoomailYahoomail