H

Senior Network Security Engineer

Heirs Technologies

Software & Data

Today
New
Experience Level: Senior level Experience Length: 5 years Language Requirement: English Working Hours: Contract - 8 to 5

Job descriptions & requirements


About Heirs Technologies

Heirs Technologies is the technology subsidiary of Heirs Holdings, Africa's leading investment holding company, building world-class digital products and platforms serving millions of Africans across the continent and diaspora.


About the Engagement

We are building a next-generation digital banking platform for one of Africa's largest financial institutions, built to serve 15 million users at launch and scale to hundreds of millions across the continent and diaspora. This is a once-in-a-generation opportunity to work on infrastructure that will define how Africa transacts, saves, and grows.


The Role

As Senior Network & Security Engineer, you will design, build, and operate the network and security architecture that keeps this platform private, resilient, and impenetrable. You will own the platform's private cloud networking, zero-trust enforcement, perimeter security controls, and network-level threat monitoring, working closely with the Platform Manager and Platform Manager (Security) to ensure every layer of the network is hardened, observable, and compliant. On a banking platform built for continental scale, the network is the first line of defence, and you own it.


What You'll Do

  • Network Architecture: Design and own the platform's end-to-end network architecture, defining topology, segmentation, and connectivity across AWS, Azure, and on-premises environments. Plan a scalable IP addressing strategy with non-overlapping CIDR blocks and dedicated subnets for containers, servers, storage, and management. Front and backend assets must be cleanly separated; no internal service is ever publicly addressable. All decisions must be documented and reflected in version-controlled infrastructure code.
  • Network Engineering: Own hands-on engineering of network infrastructure across cloud and on-premises environments, including routing, switching, firewall policy management, VPN setup, and on-premises edge devices (FortiGate, Cisco Nexus 9000). All infrastructure must be written as peer-reviewed code (Terraform, Ansible, Bash), version-controlled, with network security checks integrated into CI/CD. No manual changes to any environment are permitted.
  • Zero Trust Enforcement: Implement zero-trust principles platform-wide, no implicit trust anywhere. Every request must be authenticated, authorised, and logged; every network path explicitly permitted, everything else denied by default. Continuously identify and close trust gaps.
  • Perimeter & Firewall Security: Own the platform's security boundaries end to end. Externally, the only permitted internet entry point is Cloudflare DDoS protection, WAF, then API Gateway, with rules and configurations tested and enforced as code. Internally, own all firewall and NSG rules across cloud and on-premises environments, defined exclusively via IaC, version-controlled, and regularly reviewed for least-privilege access. No manual firewall or NSG changes are permitted.
  • Cloud Network Security & Encryption: Configure and maintain cloud-native network security controls across AWS and Azure, including Security Groups, Network ACLs, AWS Network Firewall, and Azure Firewall. Ensure no storage, database, or service is ever inadvertently exposed to the internet. Enforce TLS 1.2+ everywhere (TLS 1.0/1.1 prohibited) and own the full certificate lifecycle.
  • Hybrid & Site-to-Site Connectivity: Design and maintain highly available, redundant connectivity between cloud and on-premises data centres using AWS Direct Connect, Azure ExpressRoute, and IPSec VPN Gateways. Ensure tested failover paths so no single link interrupts core banking connectivity. All links must be encrypted, monitored, and governed as code.
  • VPN & Admin Access Controls: Design and operate the platform's JumpNet and VPN infrastructure, the only permitted route for admin access to production, with no exceptions. Enforce MFA on all VPN access and log/monitor all privileged sessions.
  • Global Traffic Management: Design and operate global traffic management ensuring user traffic is intelligently distributed across AWS and Azure based on latency, availability, and health, using Route 53/Global Accelerator and Azure Traffic Manager/Front Door with automatic failover. No single cloud environment should be a point of failure.
  • Threat Detection & Network Monitoring: Design and operate centralised network monitoring and threat detection, providing real-time visibility into device health, link utilisation, traffic flows, and anomalies. Implement IDS/IPS, anomaly detection, and traffic analysis tooling, feeding all telemetry into the SIEM with alerting tuned for lateral movement, port scanning, unauthorised connections, and control-bypass attempts. No network event goes undetected or unacted upon.
  • Incident Response: Act as first responder for network-level security incidents, including containment, isolation, forensic evidence preservation, and root cause analysis. Contribute to the Incident Response Plan and keep network runbooks documented and tested.
  • Documentation & Asset Management: Maintain accurate, up-to-date network documentation and a version-controlled inventory of core network assets, including device configs, IP allocations, CIDR assignments, VLAN maps, and topology diagrams, always audit-ready.

What We're Looking For

Must Have

  • 5+ years of hands-on network and security engineering experience in a cloud-native production environment, with demonstrated ownership of private network architecture, zero-trust implementation, and perimeter security at scale
  • Expert-level knowledge of cloud networking on AWS and/or Azure: VNets, subnets, NSGs, Security Groups, Network ACLs, private endpoints, private DNS, VPN Gateways, and Transit Gateways
  • Hands-on experience with perimeter security tooling: Cloudflare (DDoS, WAF), API Gateway configuration (Kong or equivalent), and WAF rule management
  • Strong working knowledge of zero-trust architecture: identity-aware proxies, microsegmentation, least-privilege network access, and continuous verification
  • Proven experience with network threat detection and monitoring: IDS/IPS, SIEM integration, anomaly detection, and network forensics
  • Expert-level knowledge of routing and switching protocols (BGP, OSPF, EIGRP, spanning tree, VLAN trunking) and firewall/security concepts at depth, non-negotiable given the platform's hybrid connectivity and on-premises edge requirements
  • Hands-on experience configuring enterprise firewall and core switching platforms, specifically Fortinet FortiGate and Cisco Nexus 9000 series, which run the on-premises core network
  • Solid Infrastructure as Code skills (Terraform, Ansible, Bash), with all network security controls version-controlled and never manually provisioned
  • Active CCNP Security or CCNP Enterprise certification, or a recognised equivalent, is required given the hybrid connectivity and on-premises responsibilities

Nice to Have

  • Fortinet NSE 4 or NSE 5 certification, relevant given the FortiGate firewall estate
  • AWS Certified Security, Specialty and/or Microsoft Certified: Azure Network Engineer Associate (AZ-700)
  • Experience with container network security: Kubernetes network policies, service mesh (Istio or equivalent), and east-west traffic control
  • Hands-on experience with network security in regulated financial services: PCI DSS network segmentation, CBN guidelines, or equivalent
  • Familiarity with SIEM platforms (Splunk, Microsoft Sentinel, or equivalent) and experience writing detection rules or correlation queries for network-based threats

Compensation

Competitive and commensurate with experience. Details shared with shortlisted candidates.


What We Offer

  • Impactful work: own the network security layer of a platform built to serve hundreds of millions of Africans
  • World-class team: work alongside engineers, security specialists, and architects from top organisations across the continent and globally
  • Modern ways of working: IaC-first, zero-trust by design, built on a dual-cloud (AWS + Azure) foundation
  • Based at our Lagos office, at the heart of Africa's most dynamic technology ecosystem

How to Apply

Apply via the link in the job posting. Applications are managed through our recruitment platform and reviewed on a rolling basis.



<

Important safety tips

  • Do not make any payment without confirming with the Jobberman Customer Support Team.
  • If you think this advert is not genuine, please report it via the Report Job link below.

This action will pause all job alerts. Are you sure?

Cancel Proceed

Similar jobs

Lorem ipsum

Lorem ipsum dolor (Location) Lorem ipsum Confidential
3 years ago

Stay Updated

Join our newsletter and get the latest job listings and career insights delivered straight to your inbox.

v2.homepage.newsletter_signup.choose_type

We care about the protection of your data. Read our

We care about the protection of your data. Read our  privacy policy .

Follow us On:
Get it on Google Play
2026 Jobberman

Or your alerts