Sr Engineer, Software - Security Operations [T500-20381]

ANSR is hiring for one of its clients.

About T-Mobile :

T-Mobile US, Inc. (NASDAQ : TMUS), headquartered in Bellevue, Washington, is America’s supercharged Un-carrier, connecting millions through its strong nationwide network and flagship brands, T-Mobile and Metro by T-Mobile. Customers benefit from an unmatched combination of value, quality, and exceptional service experience.

About TMUS Global Solutions :

TMUS Global Solutions is a world-class technology powerhouse accelerating the company’s global digital transformation. With a culture built on growth, inclusivity, and global collaboration, the teams here drive innovation at scale, powered by bold thinking.

TMUS India Private Limited is a subsidiary of T-Mobile US, Inc. and operates as TMUS Global Solutions.

About the Role :

As an Engineer – Security Operations, you will be a key member of the CFL Platform Engineering and Operations team, you will lead reliability engineering for AI-powered platforms supporting LLM applications, AI gateways, and enterprise-scale services across finance, credit, collections, and document systems. You will design and implement observability and incident response frameworks, scale high-performance infrastructure, and champion SRE best practices to support secure, automated, and resilient systems.

What You’ll Do :

Monitor and triage security alerts using SIEM tools like Splunk, Sentinel, or Chronicle

Investigate suspicious activity and escalate confirmed incidents with clear documentation

Tune and maintain detection rules based on threat intelligence, use cases, and false positive analysis

Assist in incident response efforts, supporting data gathering, root cause analysis, and remediation steps

Develop and maintain security automation scripts using Python, Bash, or PowerShell

Support security workflow automation using SOAR tools and custom enrichment scripts

Integrate security monitoring with cloud infrastructure, CI / CD pipelines, and observability platforms

Document detection logic, response processes, and investigation workflows

Collaborate with Cloud, SRE, and DevOps teams to improve system visibility and secure configurations

Maintain awareness of current threats, vulnerabilities, and attacker techniques

Participate in red team / blue team exercises, tabletop simulations, or detection validation projects

What You’ll Bring :

Bachelor’s degree in Computer Science, Information Security, or a related technical field

2-5 years of experience in security operations, SOC, threat detection, or incident response roles

Experience with SIEM platforms (e.g., Splunk, Microsoft Sentinel, Chronicle)

Familiarity with event and log analysis, detection rule tuning, and telemetry correlation

Scripting ability in Python, PowerShell, or Bash for automation and tooling support

Understanding of cloud-native security concepts (preferably in Azure; AWS / GCP also relevant)

Knowledge of threat detection frameworks such as MITRE ATT&CK and use of adversary emulation or threat hunting practices

Experience with EDR tools, audit logs, IAM logs, or Kubernetes security telemetry

Exposure to SOAR tools or detection-as-code workflows is a plus

Strong analytical and troubleshooting skills with attention to technical depth

Excellent communication skills and the ability to collaborate across engineering and security teams

Passion for improving threat detection, automation, and overall security posture at scale

Must Have Skills :

Application & Microservice : Java, Spring boot, API & Service Design

Any CI / CD Tools : Gitlab Pipeline / Test Automation / GitHub Actions / Jenkins / Circle CI

App Platform : Docker & Containers (Kubernetes)

Any Databases : SQL & NOSQL (Cassandra / Oracle / Snowflake / MongoDB)

Any Messaging : Kafka, Rabbit MQ

Any Observability / Monitoring : Splunk / Grafana / Open Telemetry / ELK Stack / Datadog / New Relic / Prometheus)

Security Skillset : OWASP Concepts

Nice To Have :

IAM least privilege, KMS / Key Vault basics

Incident / Change / Problem playbooks, ServiceNow integration

K8s RBAC, Network Policies, image scanning

SIEM basics (Azure Sentinel, Splunk)

WAF / DDoS protection (Akamai, Cequence)