Job Description

About TMUS Global Solutions
T-Mobile is Americas supercharged Un-carrier, challenging conventions and setting new standards in wireless. With the nations largest and fastest 5G network, T-Mobile delivers advanced connectivity and unmatched value to millions across the U.S. Were unwaveringly obsessed with providing the best possible service experience, driven by a spirit of disruption that fuels competition and innovation in wireless and beyond.
Disclaimer: TMUS India Private Limited is a subsidiary of T-Mobile US, Inc. and operates as TMUS Global Solutions. TMUS India Private Ltd., and T-Mobile US, Inc., do not provide telecommunication services in India.

About the Role
We are building a modern, cloud-native platform to support critical applications across finance, credit, document, and AI-powered systems. As a Principal Engineer Security Operations,you will be a key member of the CFL Platform Engineering and Operations team you will lead the architecture and execution of infrastructure platforms that enable reliability, scalability, security, and developer productivity at scale.
This is a strategic technical leadership role, driving cloud adoption, automation, and infrastructure architecture across multiple business domains. Youll partner with engineering, security, AI, and SRE teams to build robust platforms that support multi-cloud deployments, CI/CD automation, zero-downtime operations, and cost-effective scaling.
What Youll Do

• Design and implement end-to-end security monitoring and incident response architecture across cloud and hybrid platforms
• Build scalable detection pipelines and correlation logic with SIEM/SOAR tools like Splunk, Chronicle, Sentinel, Palo Alto XSOAR
• Integrate security telemetry from APIs, firewalls, IAM, CI/CD, endpoint, and Kubernetes into unified detection systems
• Architect automated response and containment workflows to reduce MTTR and alert fatigue
• Partner with Threat Intelligence teams to implement IOC and behavior-based detection logic
• Build and maintain detection-as-code pipelines with versioning, testing, and simulation
• Enable real-time detection of attacks such as zero-day exploits, lateral movement, and data exfiltration
• Automate triage, enrichment, and remediation using SOAR platforms and infrastructure APIs
• Embed security observability into platform and application architectures
• Monitor alert health, detection coverage, and control effectiveness across environments
• Act as incident commander during major security events and lead coordinated response
• Drive security maturity via tools, playbooks, and collaboration with engineering and operations
• Align detection engineering with risk, compliance, IAM, and data security programs
• Mentor security engineers and analysts; advocate detection and automation best practices

What Youll Bring

• Bachelors or Masters degree in Computer Science, Information Security, or related field
• 7-12 years of experience in Security Engineering, SecOps, or Platform Security roles
• Deep expertise in SIEM/SOAR platforms and detection engineering with APIs, logs, and threat intel
• Strong hands-on experience in cloud security (Azure preferred; AWS/GCP acceptable)
• Proficient in scripting or automation (Python, PowerShell, Bash, or Go)
• Experience with container security, Kubernetes, and CI/CD security controls
• Proven leadership in high-severity incident response

Must Have Skills

• Application & Microservice: Java, Spring boot, API & Service Design
• Any CI/CD Tools: Gitlab Pipeline/Test Automation/GitHub Actions/ Jenkins /Circle CI
• App Platform: Docker & Containers (Kubernetes)
• Any Databases: SQL & NOSQL (Cassandra/Oracle/Snowflake/MongoDB)
• Any Messaging: Kafka, Rabbit MQ
• Any Observability/Monitoring: Splunk/ Grafana/ Open Telemetry /ELK Stack/ Datadog/ New Relic/ Prometheus)
• Security Skillset: OWASP Concepts, threat modeling, Zero-trust, SecOps

Nice To Have * Enterprise SecOps strategy & roadmap

• Executive risk reporting, board metrics
• PCI/PII/SOX compliance governance
• Supply chain security program (SLSA provenance)
• Vendor security due diligence (FICO, OFSLL, Akamai, Cequence)
• Zero-trust architecture: SPIFFE/SPIRE, mTLS

Skills Required