Sr Engineer, Cybersecurity [T500-22878]

About T-Mobile:

T-Mobile US, Inc. (NASDAQ: TMUS), headquartered in Bellevue, Washington, is Americas supercharged Un-carrier, connecting millions through its strong nationwide network and flagship brands, T-Mobile and Metro by T-Mobile. Customers benefit from an unmatched combination of value, quality, and exceptional service experience.

About TMUS Global Solutions:

TMUS Global Solutions is a world-class technology powerhouse accelerating the companys global digital transformation. With a culture built on growth, inclusivity, and global collaboration, the teams here drive innovation at scale, powered by bold thinking.

TMUS India Private Limited operates as TMUS Global Solutions.

What Youll Do:

• Design, build, and operate cloud-native AppSec automation platforms that reduce cyber risk and enable secure software delivery.
• Develop and maintain backend services, automation frameworks, and APIs using Java/Spring, C#/.NET Core, Go, Python, and Shell scripting.
• Engineer and integrate automated AppSec testing into CI/CD pipelines, including:
• Static Application Security Testing (SAST).
• Dynamic Application Security Testing (DAST).
• Software Composition Analysis (SCA).
• Secrets detection and remediation.
• Mobile Application Security Testing (MAST).
• Infrastructure-as-Code (IaC) security scanning.
• Build event-driven and data-driven automation to correlate findings, reduce false positives, and enable automated remediation.
• Apply AI-enabled techniques (LLMs, embeddings, RAG, classification models) to:
• Improve vulnerability triage and prioritization.
• Enhance developer feedback and remediation guidance.
• Automate policy interpretation and exception handling.
• Conduct secure architecture and API design reviews, threat modeling, and risk assessments for cloud-native and microservices-based systems.
• Design scalable, highly available components with strong observability, resilience, and failure-handling characteristics.
• Integrate AppSec controls into AWS and Azure environments, including IAM, secrets management, encryption, and secure integration patterns.
• Deploy and operate services using containers, serverless components, Kubernetes, and managed cloud services.
• Contribute to CI/CD pipelines, infrastructure-as-code, and DevOps practices to support reliable, repeatable releases.
• Participate in design, code, and security reviews, ensuring secure-by-design and engineering best practices.
• Partner with engineering teams to identify, prioritize, and remediate application, API, secrets, and IaC vulnerabilities.
• Mentor engineers and promote secure development practices through documentation, tooling, and knowledge sharing.
• Recommend tools, patterns, and process improvements to advance AppSec automation maturity.
• Perform additional duties and projects as assigned.

What Youll Bring:

• 57+ years of professional software development and application security experience.
• Bachelors or Masters degree in Computer Science, Software Engineering, Information Management, or equivalent practical experience.
• Strong experience building enterprise-grade, cloud-native applications and APIs.
• Hands-on experience with application security across the SDLC, including secure design, code review, threat modeling, and vulnerability remediation.
• Proven experience implementing and scaling AppSec testing and automation, including:
• SAST, DAST, SCA, Secrets scanning.
• MAST for mobile applications.
• IaC security scanning and policy enforcement.
• Strong programming experience in one or more backend languages (Java, C#, Go) and automation languages (Python and Shell).
• Experience building event-driven or workflow orchestration systems for security automation.
• Hands-on experience with AWS and/or Azure, including cloud-native security controls.
• Solid understanding of distributed systems, microservices, and secure integration patterns.
• Experience with CI/CD pipelines, DevOps practices, automated testing, Docker, and Kubernetes.
• Strong experience with relational and NoSQL databases, SQL, and data modeling.
• Working knowledge of secure coding practices, IAM, secrets management, encryption, and vulnerability remediation.
• Experience applying or integrating AI-driven automation within engineering or security platforms.

Must Have Skills:

• Core understanding of backend development using Java/Spring, C# / .NET Core, Go, Python
• Python and Shell scripting for security automation
• Experience building cloud-native, enterprise-grade applications
• Strong application and API security experience across the SDLC
• Hands-on experience with SAST, DAST, SCA, Secrets, MAST, and IaC security
• Experience integrating AppSec tooling into CI/CD pipelines
• Automation, workflow orchestration, or event-driven system design
• AWS and/or Azure experience
• Strong understanding of distributed systems and integration patterns
• CI/CD, DevOps, Docker, and Kubernetes experience
• APIs, relational/NoSQL databases, and SQL
• Secure coding, IAM, secrets management, and vulnerability remediation
• Automated testing (unit, integration, security)

Nice To Have:

• Experience building AI-powered AppSec automation or developer enablement tools
• Experience with SOAR platforms or security workflow orchestration
• Familiarity with observability, reliability, or SRE practices
• Infrastructure-as-code expertise (Terraform, ARM, Bicep)
• Experience securing RESTful and event-driven APIs (OAuth 2.0, mTLS, OWASP API Top 10)
• Experience mentoring engineers or building shared security frameworks