About T-Mobile: T-Mobile US, Inc. (NASDAQ: TMUS), headquartered in Bellevue, Washington, is America’s supercharged Un-carrier, connecting millions through its strong nationwide network and flagship brands, T-Mobile and Metro by T-Mobile. Customers benefit from an unmatched combination of value, quality, and exceptional service experience.

About TMUS Global Solutions: TMUS Global Solutions is a world-class technology powerhouse accelerating the company’s global digital transformation. With a culture built on growth, inclusivity, and global collaboration, the teams here drive innovation at scale, powered by bold thinking. TMUS India Private Limited operates as TMUS Global Solutions.

Job Responsibilities: Design, develop, and maintain security orchestration, automation, and response (SOAR) playbooks, scripts, and integrations that automate SOC triage, enrichment, and response workflows. Build reusable automation components using Python and apply software engineering best practices to ensure scalability, performance, and maintainability across the SOAR platform. Integrate the SOAR platform with enterprise security, identity, and IT systems (e.g., SIEM, EDR, IAM, CMDB, email, network tools) to provide accurate, actionable context for automated workflows. Ensure data normalization, validation, and reliability across integrations. Create and maintain clear, accurate documentation for automation workflows, scripts, integrations, and operational processes. Document design decisions, assumptions, limitations, and failure modes to ensure automation is understandable, supportable, and transferable across teams. Partner with SOC analysts, incident responders, and threat teams to translate operational runbooks into effective automation. Continuously identify opportunities to reduce manual effort, improve response consistency, and accelerate decision-making throughout the incident lifecycle. Contribute to the long-term SOAR automation strategy by identifying systemic gaps, proposing architectural improvements, and advising on tooling capabilities and limitations. Ensure automation is safe and production-ready by implementing testing, validation, error handling, monitoring, and change control. Propose and maintain engineering standards, version control practices, and governance processes to support long-term platform stability. Measure automation effectiveness using operational metrics such as MTTR reduction, analyst effort saved, and false positive reduction. Continuously refine automation based on data, SOC feedback, and evolving threat scenarios.

Qualifications:
Bachelor’s degree in Computer Science, Software Engineering, Computer Engineering, Information Technology, or a related field, or equivalent practical experience.
5–8 years of experience in security engineering, SOC engineering, incident response, or detection engineering in a large enterprise environment.
3–5 years of hands-on experience designing and operating SOAR automation in production environments supporting 24x7 SOC operations.
1–3 years building complex, multi-stage automation workflows that integrate SIEM, EDR, IAM, email, network, and ITSM platforms.
3–5 years writing production-quality Python used in security automation, including error handling, retries, and defensive coding.
1–3 years translating incident response playbooks and analyst workflows into safe, scalable automation.
1–3 years acting as a technical leader for SOAR initiatives (design ownership, peer reviews, mentoring) is preferred.
1–3 years driving automation that measurably reduced MTTR, false positives, or analyst workload.

Must Have Skills:
Expert-level understanding of security automation and SOAR concepts, including orchestration, context management, branching logic, retries, and rollback, with the ability to design reliable and maintainable automation workflows.
Deep understanding of Security Operations Center (SOC) operations, including investigation workflows, incident lifecycle management, and how automation supports analyst decision-making.
Strong API engineering skills, including experience working with REST APIs, OAuth, JSON payloads, pagination, and rate limiting in production environments.
Ability to develop complex custom automation scripts in Python and effectively troubleshoot, debug, and maintain existing Python-based automation.
Experience integrating cloud-native and SaaS security tools into automated workflows to support enrichment, response, and orchestration use cases.
Working knowledge of detection engineering concepts, including detection logic, enrichment pipelines, and alert normalization within SOC environments.
Experience applying CI/CD practices, version control, and testing methodologies to SOAR content to ensure safe, repeatable, and reliable deployments.
Ability to produce clear, comprehensive technical documentation for automation workflows, integrations, and operational procedures that support long-term maintainability.
Demonstrated habit of documenting design decisions, assumptions, failure modes, and edge cases to ensure automation is understandable, supportable, and transferable.
Experience creating runbooks and knowledge artifacts that enable SOC adoption, operational consistency, and long-term support of automation.
Exceptional problem-solving ability in ambiguous, high-impact operational environments, with a focus on identifying root causes and designing durable solutions.
Ability to design automation that appropriately balances speed, safety, reliability, and operational risk in production SOC environments.
Strong written and verbal communication skills, with the ability to clearly convey technical concepts to engineers, analysts, and leadership.
Ability to explain complex automation logic, decision paths, and failure scenarios in a clear and structured manner.
High ownership mindset that treats automation as production software, with accountability for quality, reliability, and operational outcomes.
Ability to influence SOC behavior and adoption through well-designed, intuitive, and effective automation solutions.
Ability to collaborate effectively within cross-functional teams, constructively challenge ideas and decisions, and advocate for sound technical and operational approaches while aligning with organizational direction when required.
SOAR platform certification, such as Palo Alto Networks Cortex XSOAR Engineer, Splunk SOAR Certified Automation Developer, Swimlane, or Tines.

Nice To Have:
Familiarity with infrastructure-as-a-service (IaaS) engineering concepts, including experience working with cloud platforms, preferably Microsoft Azure, and associated identity ecosystems.
GIAC certifications such as GCIA, GCED, GNFA, or similar credentials demonstrating knowledge in intrusion analysis, enterprise defense, or incident response.
Microsoft Certified: Azure Security Engineer Associate certification, or equivalent experience securing Azure cloud environments.
Microsoft SC-200 (Security Operations Analyst) certification, demonstrating familiarity with SOC operations and security monitoring within Microsoft security platforms.

Job Title
Sr Engineer, Cybersecurity [T500-22876]