Principal Engineer, Software - Security Operations [T500-20382]

About T-Mobile : T-Mobile US, Inc. (NASDAQ : TMUS), headquartered in Bellevue, Washington, is America’s supercharged Un-carrier, connecting millions through its strong nationwide network and flagship brands, T-Mobile and Metro by T-Mobile. Customers benefit from an unmatched combination of value, quality, and exceptional service experience.

About TMUS Global Solutions :

TMUS Global Solutions is a world-class technology powerhouse accelerating the company’s global digital transformation. With a culture built on growth, inclusivity, and global collaboration, the teams here drive innovation at scale, powered by bold thinking.

TMUS India Private Limited is a subsidiary of T-Mobile US, Inc. and operates as TMUS Global Solutions.

About the Role :

We are building a modern, cloud-native platform to support critical applications across finance, credit, document, and AI-powered systems. As a Principal Engineer – Security Operations, you will be a key member of the CFL Platform Engineering and Operations team you will lead the architecture and execution of infrastructure platforms that enable reliability, scalability, security, and developer productivity at scale.

This is a strategic technical leadership role, driving cloud adoption, automation, and infrastructure architecture across multiple business domains. You’ll partner with engineering, security, AI, and SRE teams to build robust platforms that support multi-cloud deployments, CI / CD automation, zero-downtime operations, and cost-effective scaling.

What You’ll Do :

Design and implement end-to-end security monitoring and incident response architecture across cloud and hybrid platforms

Build scalable detection pipelines and correlation logic with SIEM / SOAR tools like Splunk, Chronicle, Sentinel, Palo Alto XSOAR

Integrate security telemetry from APIs, firewalls, IAM, CI / CD, endpoint, and Kubernetes into unified detection systems

Architect automated response and containment workflows to reduce MTTR and alert fatigue

Partner with Threat Intelligence teams to implement IOC and behavior-based detection logic

Build and maintain detection-as-code pipelines with versioning, testing, and simulation

Enable real-time detection of attacks such as zero-day exploits, lateral movement, and data exfiltration

Automate triage, enrichment, and remediation using SOAR platforms and infrastructure APIs

Embed security observability into platform and application architectures

Monitor alert health, detection coverage, and control effectiveness across environments

Act as incident commander during major security events and lead coordinated response

Drive security maturity via tools, playbooks, and collaboration with engineering and operations

Align detection engineering with risk, compliance, IAM, and data security programs

Mentor security engineers and analysts; advocate detection and automation best practices

What You’ll Bring :

Bachelor’s or Master’s degree in Computer Science, Information Security, or related field

7-12 years of experience in Security Engineering, SecOps, or Platform Security roles

Deep expertise in SIEM / SOAR platforms and detection engineering with APIs, logs, and threat intel

Strong hands-on experience in cloud security (Azure preferred; AWS / GCP acceptable)

Proficient in scripting or automation (Python, PowerShell, Bash, or Go)

Experience with container security, Kubernetes, and CI / CD security controls

Proven leadership in high-severity incident response

Must Have Skills :

Application & Microservice : Java, Spring boot, API & Service Design

Any CI / CD Tools : Gitlab Pipeline / Test Automation / GitHub Actions / Jenkins / Circle CI

App Platform : Docker & Containers (Kubernetes)

Any Databases : SQL & NOSQL (Cassandra / Oracle / Snowflake / MongoDB)

Any Messaging : Kafka, Rabbit MQ

Any Observability / Monitoring : Splunk / Grafana / Open Telemetry / ELK Stack / Datadog / New Relic / Prometheus)

Security Skillset : OWASP Concepts, threat modeling, Zero-trust, SecOps

Nice To Have :

Enterprise SecOps strategy & roadmap

Executive risk reporting, board metrics

PCI / PII / SOX compliance governance

Supply chain security program (SLSA provenance)

Vendor security due diligence (FICO, OFSLL, Akamai, Cequence)

Zero-trust architecture : SPIFFE / SPIRE, mTLS