Jobs Career Advice Post Job
X

Send this job to a friend

X

Did you notice an error or suspect this job is scam? Tell us.

  • Posted: Jul 15, 2026
    Deadline: Not specified
    • @gmail.com
    • @yahoo.com
    • @outlook.com
  • Heirs Insurance is a general insurance company challenging traditional insurance by providing simple and accessible protection for vehicles, homes, business and more.
    Read more about this company

     

    Senior Network Security Engineer

    The Role

    • As Senior Network & Security Engineer, you will design, build, and operate the network and security architecture that keeps this platform private, resilient, and impenetrable. You will own the platform's private cloud networking, zero-trust enforcement, perimeter security controls, and network-level threat monitoring, working closely with the Platform Manager and Platform Manager (Security) to ensure every layer of the network is hardened, observable, and compliant. On a banking platform built for continental scale, the network is the first line of defence, and you own it.

    What You'll Do

    • Network Architecture: Design and own the platform's end-to-end network architecture, defining topology, segmentation, and connectivity across AWS, Azure, and on-premises environments. Plan a scalable IP addressing strategy with non-overlapping CIDR blocks and dedicated subnets for containers, servers, storage, and management. Front and backend assets must be cleanly separated; no internal service is ever publicly addressable. All decisions must be documented and reflected in version-controlled infrastructure code.
    • Network Engineering: Own hands-on engineering of network infrastructure across cloud and on-premises environments, including routing, switching, firewall policy management, VPN setup, and on-premises edge devices (FortiGate, Cisco Nexus 9000). All infrastructure must be written as peer-reviewed code (Terraform, Ansible, Bash), version-controlled, with network security checks integrated into CI/CD. No manual changes to any environment are permitted.
    • Zero Trust Enforcement: Implement zero-trust principles platform-wide, no implicit trust anywhere. Every request must be authenticated, authorised, and logged; every network path explicitly permitted, everything else denied by default. Continuously identify and close trust gaps.
    • Perimeter & Firewall Security: Own the platform's security boundaries end to end. Externally, the only permitted internet entry point is Cloudflare DDoS protection, WAF, then API Gateway, with rules and configurations tested and enforced as code. Internally, own all firewall and NSG rules across cloud and on-premises environments, defined exclusively via IaC, version-controlled, and regularly reviewed for least-privilege access. No manual firewall or NSG changes are permitted.
    • Cloud Network Security & Encryption: Configure and maintain cloud-native network security controls across AWS and Azure, including Security Groups, Network ACLs, AWS Network Firewall, and Azure Firewall. Ensure no storage, database, or service is ever inadvertently exposed to the internet. Enforce TLS 1.2+ everywhere (TLS 1.0/1.1 prohibited) and own the full certificate lifecycle.
    • Hybrid & Site-to-Site Connectivity: Design and maintain highly available, redundant connectivity between cloud and on-premises data centres using AWS Direct Connect, Azure ExpressRoute, and IPSec VPN Gateways. Ensure tested failover paths so no single link interrupts core banking connectivity. All links must be encrypted, monitored, and governed as code.
    • VPN & Admin Access Controls: Design and operate the platform's JumpNet and VPN infrastructure, the only permitted route for admin access to production, with no exceptions. Enforce MFA on all VPN access and log/monitor all privileged sessions.
    • Global Traffic Management: Design and operate global traffic management ensuring user traffic is intelligently distributed across AWS and Azure based on latency, availability, and health, using Route 53/Global Accelerator and Azure Traffic Manager/Front Door with automatic failover. No single cloud environment should be a point of failure.
    • Threat Detection & Network Monitoring: Design and operate centralised network monitoring and threat detection, providing real-time visibility into device health, link utilisation, traffic flows, and anomalies. Implement IDS/IPS, anomaly detection, and traffic analysis tooling, feeding all telemetry into the SIEM with alerting tuned for lateral movement, port scanning, unauthorised connections, and control-bypass attempts. No network event goes undetected or unacted upon.
    • Incident Response: Act as first responder for network-level security incidents, including containment, isolation, forensic evidence preservation, and root cause analysis. Contribute to the Incident Response Plan and keep network runbooks documented and tested.
    • Documentation & Asset Management: Maintain accurate, up-to-date network documentation and a version-controlled inventory of core network assets, including device configs, IP allocations, CIDR assignments, VLAN maps, and topology diagrams, always audit-ready.

    What We're Looking For

    Must Have

    • 5+ years of hands-on network and security engineering experience in a cloud-native production environment, with demonstrated ownership of private network architecture, zero-trust implementation, and perimeter security at scale
    • Expert-level knowledge of cloud networking on AWS and/or Azure: VNets, subnets, NSGs, Security Groups, Network ACLs, private endpoints, private DNS, VPN Gateways, and Transit Gateways
    • Hands-on experience with perimeter security tooling: Cloudflare (DDoS, WAF), API Gateway configuration (Kong or equivalent), and WAF rule management
    • Strong working knowledge of zero-trust architecture: identity-aware proxies, microsegmentation, least-privilege network access, and continuous verification
    • Proven experience with network threat detection and monitoring: IDS/IPS, SIEM integration, anomaly detection, and network forensics
    • Expert-level knowledge of routing and switching protocols (BGP, OSPF, EIGRP, spanning tree, VLAN trunking) and firewall/security concepts at depth, non-negotiable given the platform's hybrid connectivity and on-premises edge requirements
    • Hands-on experience configuring enterprise firewall and core switching platforms, specifically Fortinet FortiGate and Cisco Nexus 9000 series, which run the on-premises core network
    • Solid Infrastructure as Code skills (Terraform, Ansible, Bash), with all network security controls version-controlled and never manually provisioned
    • Active CCNP Security or CCNP Enterprise certification, or a recognised equivalent, is required given the hybrid connectivity and on-premises responsibilities

    Nice to Have

    • Fortinet NSE 4 or NSE 5 certification, relevant given the FortiGate firewall estate
    • AWS Certified Security, Specialty and/or Microsoft Certified: Azure Network Engineer Associate (AZ-700)
    • Experience with container network security: Kubernetes network policies, service mesh (Istio or equivalent), and east-west traffic control
    • Hands-on experience with network security in regulated financial services: PCI DSS network segmentation, CBN guidelines, or equivalent
    • Familiarity with SIEM platforms (Splunk, Microsoft Sentinel, or equivalent) and experience writing detection rules or correlation queries for network-based threats

    Compensation

    Competitive and commensurate with experience. Details shared with shortlisted candidates.

    Check how your CV aligns with this job

    Method of Application

    Interested and qualified? Go to Heirs Insurance Ltd on heirs-technologies.breezy.hr to apply

    Build your CV for free. Download in different templates.

  • Send your application

    View All Vacancies at Heirs Insurance Ltd Back To Home
View Hot Nigerian Jobs Today »

Career Advice

View All Career Advice
 

Subscribe to Job Alert

 

Join our happy subscribers

 
 
Send your application through

GmailGmail YahoomailYahoomail