About T-Mobile: T-Mobile US, Inc. (NASDAQ: TMUS), headquartered in Bellevue, Washington, is America’s supercharged Un-carrier, connecting millions through its strong nationwide network and flagship brands, T-Mobile and Metro by T-Mobile. Customers benefit from an unmatched combination of value, quality, and exceptional service experience.About TMUS Global Solutions: TMUS Global Solutions is a world-class technology powerhouse accelerating the company’s global digital transformation. With a culture built on growth, inclusivity, and global collaboration, the teams here drive innovation at scale, powered by bold thinking. TMUS India Private Limited operates as TMUS Global Solutions.What You’ll Do: Design, build, and operate cloud-native AppSec automation platforms that reduce cyber risk and enable secure software delivery. Develop and maintain backend services, automation frameworks, and APIs using Java/Spring, C# Core, Go, Python, and Shell scripting. Engineer and integrate automated AppSec testing into CI/CD pipelines, including: Static Application Security Testing (SAST). Dynamic Application Security Testing (DAST). Software Composition Analysis (SCA). Secrets detection and remediation. Mobile Application Security Testing (MAST). Infrastructure-as-Code (IaC) security scanning. Build event-driven and data-driven automation to correlate findings, reduce false positives, and enable automated remediation. Apply AI-enabled techniques (LLMs, embeddings, RAG, classification models) to: Improve vulnerability triage and prioritization. Enhance developer feedback and remediation guidance. Automate policy interpretation and exception handling. Conduct secure architecture and API design reviews, threat modeling, and risk assessments for cloud-native and microservices-based systems. Design scalable, highly available components with strong observability, resilience, and failure-handling characteristics. Integrate AppSec controls into AWS and Azure environments, including IAM, secrets management, encryption, and secure integration patterns. Deploy and operate services using containers, serverless components, Kubernetes, and managed cloud services. Contribute to CI/CD pipelines, infrastructure-as-code, and DevOps practices to support reliable, repeatable releases. Participate in design, code, and security reviews, ensuring secure-by-design and engineering best practices. Partner with engineering teams to identify, prioritize, and remediate application, API, secrets, and IaC vulnerabilities. Mentor engineers and promote secure development practices through documentation, tooling, and knowledge sharing. Recommend tools, patterns, and process improvements to advance AppSec automation maturity. Perform additional duties and projects as assigned.What You’ll Bring: 5–7+ years of professional software development and application security experience. Bachelor’s or Master’s degree in Computer Science, Software Engineering, Information Management, or equivalent practical experience. Strong experience building enterprise-grade, cloud-native applications and APIs. Hands-on experience with application security across the SDLC, including secure design, code review, threat modeling, and vulnerability remediation. Proven experience implementing and scaling AppSec testing and automation, including: SAST, DAST, SCA, Secrets scanning. MAST for mobile applications. IaC security scanning and policy enforcement. Strong programming experience in one or more backend languages (Java, C#, Go) and automation languages (Python and Shell). Experience building event-driven or workflow orchestration systems for security automation. Hands-on experience with AWS and/or Azure, including cloud-native security controls. Solid understanding of distributed systems, microservices, and secure integration patterns. Experience with CI/CD pipelines, DevOps practices, automated testing, Docker, and Kubernetes. Strong experience with relational and NoSQL databases, SQL, and data modeling. Working knowledge of secure coding practices, IAM, secrets management, encryption, and vulnerability remediation. Experience applying or integrating AI-driven automation within engineering or security platforms.Must Have Skills: Core understanding of backend development using Java/Spring, C# / .NET Core, Go, Python Python and Shell scripting for security automation Experience building cloud-native, enterprise-grade applications Strong application and API security experience across the SDLC Hands-on experience with SAST, DAST, SCA, Secrets, MAST, and IaC security Experience integrating AppSec tooling into CI/CD pipelines Automation, workflow orchestration, or event-driven system design AWS and/or Azure experience Strong understanding of distributed systems and integration patterns CI/CD, DevOps, Docker, and Kubernetes experience APIs, relational/NoSQL databases, and SQL Secure coding, IAM, secrets management, and vulnerability remediation Automated testing (unit, integration, security)Nice To Have: Experience building AI-powered AppSec automation or developer enablement tools Experience with SOAR platforms or security workflow orchestration Familiarity with observability, reliability, or SRE practices Infrastructure-as-code expertise (Terraform, ARM, Bicep) Experience securing RESTful and event-driven APIs (OAuth 2.0, mTLS, OWASP API Top 10) Experience mentoring engineers or building shared security frameworks
Job Title
Sr Engineer, Cybersecurity [T500-22878]