Sr Engineer, Software - Security Operations [T500-20381]

About T-Mobile:

T-Mobile US, Inc. (NASDAQ: TMUS), headquartered in Bellevue, Washington, is Americas supercharged Un-carrier, connecting millions through its strong nationwide network and flagship brands, T-Mobile and Metro by T-Mobile. Customers benefit from an unmatched combination of value, quality, and exceptional service experience.

About TMUS Global Solutions:

TMUS Global Solutions is a world-class technology powerhouse accelerating the companys global digital transformation. With a culture built on growth, inclusivity, and global collaboration, the teams here drive innovation at scale, powered by bold thinking.

TMUS India Private Limited operates as TMUS Global Solutions.

About the Role:

As an Engineer Security Operations, you will be a key member of the CFL Platform Engineering and Operations team, you will lead reliability engineering for AI-powered platforms supporting LLM applications, AI gateways, and enterprise-scale services across finance, credit, collections, and document systems. You will design and implement observability and incident response frameworks, scale high-performance infrastructure, and champion SRE best practices to support secure, automated, and resilient systems.

What Youll Do:

• Monitor and triage security alerts using SIEM tools like Splunk, Sentinel, or Chronicle
• Investigate suspicious activity and escalate confirmed incidents with clear documentation
• Tune and maintain detection rules based on threat intelligence, use cases, and false positive analysis
• Assist in incident response efforts, supporting data gathering, root cause analysis, and remediation steps
• Develop and maintain security automation scripts using Python, Bash, or PowerShell
• Support security workflow automation using SOAR tools and custom enrichment scripts
• Integrate security monitoring with cloud infrastructure, CI/CD pipelines, and observability platforms
• Document detection logic, response processes, and investigation workflows
• Collaborate with Cloud, SRE, and DevOps teams to improve system visibility and secure configurations
• Maintain awareness of current threats, vulnerabilities, and attacker techniques
• Participate in red team/blue team exercises, tabletop simulations, or detection validation projects

What Youll Bring:

• Bachelors degree in Computer Science, Information Security, or a related technical field
• 2-5 years of experience in security operations, SOC, threat detection, or incident response roles
• Experience with SIEM platforms (e.g., Splunk, Microsoft Sentinel, Chronicle)
• Familiarity with event and log analysis, detection rule tuning, and telemetry correlation
• Scripting ability in Python, PowerShell, or Bash for automation and tooling support
• Understanding of cloud-native security concepts (preferably in Azure; AWS/GCP also relevant)
• Knowledge of threat detection frameworks such as MITRE ATT&CK and use of adversary emulation or threat hunting practices
• Experience with EDR tools, audit logs, IAM logs, or Kubernetes security telemetry
• Exposure to SOAR tools or detection-as-code workflows is a plus
• Strong analytical and troubleshooting skills with attention to technical depth
• Excellent communication skills and the ability to collaborate across engineering and security teams
• Passion for improving threat detection, automation, and overall security posture at scale

Must Have Skills:

• Application & Microservice: Java, Spring boot, API & Service Design
• Any CI/CD Tools : Gitlab Pipeline/Test Automation/GitHub Actions/ Jenkins /Circle CI
• App Platform: Docker & Containers (Kubernetes)
• Any Databases : SQL & NOSQL (Cassandra/Oracle/Snowflake/MongoDB)
• Any Messaging: Kafka, Rabbit MQ
• Any Observability/Monitoring: Splunk/ Grafana/ Open Telemetry /ELK Stack/ Datadog/ New Relic/ Prometheus)
• Security Skillset: OWASP Concepts

Nice To Have:

• IAM least privilege, KMS/Key Vault basics
• Incident/Change/Problem playbooks, ServiceNow integration
• K8s RBAC, Network Policies, image scanning
• SIEM basics (Azure Sentinel, Splunk)
• WAF/DDoS protection (Akamai, Cequence)