Job description
 
About T-Mobile:
T-Mobile US, Inc. (NASDAQ: TMUS), headquartered in Bellevue, Washington, is America’s supercharged Un-carrier, connecting millions through its strong nationwide network and flagship brands, T-Mobile and Metro by T-Mobile.
Customers benefit from an unmatched combination of value, quality, and exceptional service experience.
About TMUS Global Solutions:
TMUS Global Solutions is a world-class technology powerhouse accelerating the company’s global digital transformation.
With a culture built on growth, inclusivity, and global collaboration, the teams here drive innovation at scale, powered by bold thinking.
TMUS India Private Limited is a subsidiary of T-Mobile US, Inc. and operates as TMUS Global Solutions.
About the Role:
We are building a modern, cloud-native platform to support critical applications across finance, credit, document, and AI-powered systems.
As a Principal Engineer – Security Operations, you will be a key member of the CFL Platform Engineering and Operations team. You will lead the architecture and execution of infrastructure platforms that enable reliability, scalability, security, and developer productivity at scale.
This is a strategic technical leadership role, driving cloud adoption, automation, and infrastructure architecture across multiple business domains.
You’ll partner with engineering, security, AI, and SRE teams to build robust platforms that support multi-cloud deployments, CI/CD automation, zero-downtime operations, and cost-effective scaling.
What You’ll Do:
Design and implement end-to-end security monitoring and incident response architecture across cloud and hybrid platforms
Build scalable detection pipelines and correlation logic with SIEM/SOAR tools like Splunk, Chronicle, Sentinel, Palo Alto XSOAR
Integrate security telemetry from APIs, firewalls, IAM, CI/CD, endpoint, and Kubernetes into unified detection systems
Architect automated response and containment workflows to reduce MTTR and alert fatigue
Partner with Threat Intelligence teams to implement IOC and behavior-based detection logic
Build and maintain detection-as-code pipelines with versioning, testing, and simulation
Enable real-time detection of attacks such as zero-day exploits, lateral movement, and data exfiltration
Automate triage, enrichment, and remediation using SOAR platforms and infrastructure APIs
Embed security observability into platform and application architectures
Monitor alert health, detection coverage, and control effectiveness across environments
Act as incident commander during major security events and lead coordinated response
Drive security maturity via tools, playbooks, and collaboration with engineering and operations
Align detection engineering with risk, compliance, IAM, and data security programs
Mentor security engineers and analysts; advocate detection and automation best practices
What You’ll Bring:
Bachelor’s or Master’s degree in Computer Science, Information Security, or related field
7-12 years of experience in Security Engineering, SecOps, or Platform Security roles
Deep expertise in SIEM/SOAR platforms and detection engineering with APIs, logs, and threat intel
Strong hands-on experience in cloud security (Azure preferred; AWS/GCP acceptable)
Proficient in scripting or automation (Python, PowerShell, Bash, or Go)
Experience with container security, Kubernetes, and CI/CD security controls
Proven leadership in high-severity incident response
Must Have Skills:
Application & Microservice: Java, Spring Boot, API & Service Design
Any CI/CD Tools: GitLab Pipeline/Test Automation/GitHub Actions/Jenkins/CircleCI
App Platform: Docker & Containers (Kubernetes)
Any Databases: SQL & NoSQL (Cassandra/Oracle/Snowflake/MongoDB)
Any Messaging: Kafka, RabbitMQ
Any Observability/Monitoring: Splunk/Grafana/OpenTelemetry/ELK Stack/Datadog/New Relic/Prometheus
Security Skillset: OWASP Concepts, threat modeling, Zero-trust, SecOps
Nice To Have:
Enterprise SecOps strategy & roadmap
Executive risk reporting, board metrics
PCI/PII/SOX compliance governance
Supply chain security program (SLSA provenance)
Vendor security due diligence (FICO, OFSLL, Akamai, Cequence)
Zero-trust architecture: SPIFFE/SPIRE, mTLS
 
                    
                    
Required Skill Profession: Computer Occupations