.png)
Hyderabad
Principal Engineer, Software | Global telecom disruptor powering one of the most advanced 5G networks in the world.
Please find below the details of the role and its responsibilities.
Skills Required:
AWS, Azure, Terraform, Ansible, Python, GoLang, IAM, Identity Access Management,
Docker, Kubernetes, Cloudsecurity, Cloud Security, DevSecOps, Prisma Cloud, CNAPP,
Wiz
Experience Range:
12 - 18 years
Job Description:
About the Role:
The Principal Software Engineer plays a key role in designing, implementing, and securing
scalable cloud infrastructure across AWS and Azure environments. This role focuses on
developing and automating cloud security solutions, implementing GitOps-driven
workflows, managing IAM and identity governance, and deploying secure-by-design
systems using modern DevSecOps practices. The engineer will build and manage
logging, monitoring, and configuration management pipelines, integrate CNAPP tools like
Wiz for threat detection and compliance, auto remediation capabilities and contribute to
overall cloud security strategy. This individual will also mentor peers, influence
architectural decisions, and ensure alignment with T-Mobile's enterprise security and
compliance standards.
We pride ourselves on encouraging a culture of innovation, agile ways of working, and
transparency in all we do. Join us in embodying the spirit of the Un-carrier and make a
tangible impact!
What You'll Do:
• Design, develop, and implement secure cloud infrastructure and automation pipelines
across AWS and Azure.• Build and maintain GitOps-driven workflows for cloud provisioning, configuration, and
deployment.
• Develop and maintain golden images (e.g., hardened AMIs, Azure VM templates,
container base images) to standardize secure deployments.
• Implement and manage Identity and Access Management (IAM) policies, roles, and
federations for secure access control.
• Develop and integrate cloud logging, monitoring, and observability solutions (e.g.,
CloudWatch, Azure Monitor, ELK, Prometheus).
• Use Ansible for configuration management and automation of cloud and security
environments.
• Deploy and manage Cloud-Native Application Protection Platforms (CNAPP) such as
Wiz for risk detection, compliance, and posture management.
• Develop infrastructure as code (IaC) using Terraform for consistent and secure
resource provisioning.
• Write automation and tooling scripts in Python and Go to enhance cloud security and
operations.
• Collaborate with DevOps, Security, and Application teams to integrate CI/CD and
security automation.
• Participate in threat modeling, security assessments, and remediation of
vulnerabilities.
• Document architecture, design decisions, and security configurations.
• Mentor junior engineers and foster best practices in cloud security engineering.
What You'll Bring:
• Bachelor's degree in computer science, Engineering, or related field.
• 10+ years of experience in cloud engineering, DevSecOps, or cloud security roles.
• Strong hands-on experience with AWS and/or Azure services and architectures.
• Proven ability to build, harden, and maintain golden images for servers, containers,
and virtual machines.
• Deep knowledge of IAM, security policies, roles, and access automation.
• Proven experience with GitOps, Terraform, and Ansible for cloud provisioning and
configuration management.
• Experience building and maintaining cloud monitoring, logging, and alerting
frameworks.• Familiarity with CNAPP platforms (e.g., Wiz, Prisma Cloud, Orca, etc.) and
CSPM/CWPP principles.
• Proficiency in at least one modern Automation programming language (e.g.,
Python and/or Go)
• Experience integrating security into CI/CD pipelines and containerized environments
(Docker, Kubernetes).
• Strong problem-solving, analytical thinking, and collaboration skills.
• Excellent written and verbal communication skills.
Must Have Skills
• Cloud security engineering,
• GitOps, IAM.
• IAC Tools - Terraform, Ansible
• CNAPP (e.g., Wiz. Prisma Cloud),
• Hands on in Programming - Python/Go scripting.
• Cloud logging & monitoring, golden image creation, and CI/CD integration.
Nice-to-Have
• Experience with policy-as-code and compliance automation frameworks.
• Knowledge of network security principles, including firewalls, VPCs, and service
mesh.
• Familiarity with DevSecOps, Zero Trust, and security observability frameworks.
• Exposure to GenAI tools or security automation through machine learning (nice to
have).