More jobs:
Job Description & How to Apply Below
About T-Mobile:
T-Mobile US, Inc. (NASDAQ: TMUS), headquartered in Bellevue, Washington, is America’s supercharged Un-carrier, connecting millions through its strong nationwide network and flagship brands, T-Mobile and Metro by T-Mobile. Customers benefit from an unmatched combination of value, quality, and exceptional service experience.
About TMUS Global Solutions:
TMUS Global Solutions is a world-class technology powerhouse accelerating the company’s global digital transformation. With a culture built on growth, inclusivity, and global collaboration, the teams here drive innovation at scale, powered by bold thinking.
TMUS India Private Limited operates as TMUS Global Solutions.
Job Responsibilities:
Design, develop, and maintain security orchestration, automation, and response (SOAR) playbooks, scripts, and integrations that automate SOC triage, enrichment, and response workflows. Build reusable automation components using Python and apply software engineering best practices to ensure scalability, performance, and maintainability across the SOAR platform.
Integrate the SOAR platform with enterprise security, identity, and IT systems (e.g, SIEM, EDR, IAM, CMDB, email, network tools) to provide accurate, actionable context for automated workflows. Ensure data normalization, validation, and reliability across integrations.
Create and maintain clear, accurate documentation for automation workflows, scripts, integrations, and operational processes. Document design decisions, assumptions, limitations, and failure modes to ensure automation is understandable, supportable, and transferable across teams.
Partner with SOC analysts, incident responders, and threat teams to translate operational runbooks into effective automation. Continuously identify opportunities to reduce manual effort, improve response consistency, and accelerate decision-making throughout the incident lifecycle. Contributes to the long-term SOAR automation strategy by identifying systemic gaps, proposing architectural improvements, and advising on tooling capabilities and limitations.
Ensure automation is safe and production-ready by implementing testing, validation, error handling, monitoring, and change control. Propose and maintain engineering standards, version control practices, and governance processes to support long-term platform stability.
Measure automation effectiveness using operational metrics such as MTTR reduction, analyst effort saved, and false positive reduction. Continuously refine automation based on data, SOC feedback, and evolving threat scenarios.
Qualifications:
Bachelor’s degree in Computer Science, Software Engineering, Computer Engineering, Information Technology, or a related field, or equivalent practical experience.
5–8 years experience in security engineering, SOC engineering, incident response, or detection engineering in a large enterprise environment
3–5 years hands-on experience designing and operating SOAR automation in production environments supporting 24x7 SOC operations
1-3 years building complex, multi-stage automation workflows that integrate SIEM, EDR, IAM, email, network, and ITSM platforms
3-5 years writing production-quality Python used in security automation, including error handling, retries, and defensive coding
1-3 years translating incident response playbooks and analyst workflows into safe, scalable automation
1-3 years acting as a technical leader for SOAR initiatives (design ownership, peer reviews, mentoring) is preferred.
1-3 years driving automation that measurably reduced MTTR, false positives, or analyst workload
Must Have
Skills:
Expert-level understanding of security automation and SOAR concepts, including orchestration, context management, branching logic, retries, and rollback, with the ability to design reliable and maintainable automation workflows.
Deep understanding of Security Operations Center (SOC) operations, including investigation workflows, incident lifecycle management, and how automation supports analyst decision-making.
Strong API engineering skills, including experience working with REST APIs, OAuth, JSON payloads, pagination, and rate limiting in production environments.
Ab…
Note that applications are not being accepted from your jurisdiction for this job currently via this jobsite. Candidate preferences are the decision of the Employer or Recruiting Agent, and are controlled by them alone.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
Search for further Jobs Here:
×