Principal Engineer Software - Payment Fraud Technologies

At TMobile we invest in YOU! Our Total Rewards Package ensures that employees get the same big love we give our customers. All team members receive a competitive base salary and compensation package this is Total Rewards. Employees enjoy multiple wealthbuilding opportunities through our annual stock grant employee stock purchase plan 401(k) and access to free yearround money coaches. Thats how were UNSTOPPABLE for our employees!

Are you ready to join the Uncarrier movement
The Principal Engineer is a senior technical leader responsible for the endtoend architecture and delivery of a highly scalable payment processing & fraud management platform. In this role you will define the technical strategy and drive the handson development of a secure resilient infrastructure that processes transactions at extensive scale. You will provide architectural leadership and ownership of the platforms design ensuring high availability low latency performance and robustness against failures. Security is a paramount focus. The Principal Engineer will champion standard processes in cloud infrastructure security payment data protection (PCI compliance tokenization) and Kubernetes/container orchestration security to safeguard our systems and customers. This role combines strategic vision with active contribution collaborating multifunctionally to deliver a worldclass payments platform that is innovative reliable and secure.
We are a team that encourages innovation and advocate an agile and open approach truly working and playing in the Uncarrier way!

Key Responsibilities

• Technical Strategy Define the technical roadmap and engineering strategy for payments and fraud systems. Make highimpact decisions on system design technology selection and architectural patterns (e.g. microservices eventdriven architectures) that align with longterm business goals.
• HandsOn Development Lead by example with active involvement in coding code reviews and prototyping of critical platform components. Solve complex technical problems in realtime payment processing and implement solutions that improve performance reliability and security.
• Secure Cloud Infrastructure Design and maintain a secure cloud environment (preferably on AWS or GCP) for the payment platform. Implement standard methodologies in identity and access management (IAM) network segmentation and VPC design and data encryption (in transit and at rest using KMS or similar). Ensure cloud architecture aligns with security standards and regulatory requirements using tools for intrusion detection logging/monitoring and cloud compliance audits.
• Payment Security & Compliance Champion payment data security across the platform. Ensure endtoend PCI DSS compliance for all payment processes and services including implementing tokenization and encryption to protect critical cardholder data and reduce PCI scope. Design secure payment processing flows and APIs that guard against threats and fraud while maintaining a seamless customer experience. Collaborating with Compliance and InfoSec teams to pass audits and continuously strengthen our payment security posture.
• Fraud Prevention Integrate and enhance fraud detection mechanisms within the platform. Architect solutions for realtime fraud scoring anomaly detection and risk rules engine to minimize fraudulent transactions. Optimize workflows to balance robust fraud prevention with low false positives protecting revenue and customer trust. Evaluate emerging fraud prevention tools machine learning models or thirdparty services and lead proofofconcept efforts to improve our fraud detection capabilities.
• Kubernetes & Container Security Oversee the security of our containerized applications and Kubernetes orchestration. Implement Kubernetes security practices: ensure secure pod configurations (e.g. least privilege no privileged containers) implement network policies for pod communication and handle cluster RBAC for strict access control. Manage secrets and critical configuration using secure stores and deploy runtime security measures (monitoring vulnerability scanning image security policies) to protect the platforms container environment.
• Resilience Design for high availability and disaster recovery. Implement redundancy failover mechanisms and graceful degradation strategies across services to ensure uninterrupted payment processing. Lead initiatives for chaos testing and simulation of failure scenarios to continually improve system robustness.
• Architect & Lead Design and evolve a scalable faulttolerant system capable of high transaction volumes with nearzero downtime. Provide technical leadership and mentorship to engineering teams setting coding design and quality standards.
• Performance & Scalability Continuously optimize platform performance. Guide the design of lowlatency highthroughput transaction processing pipelines and tune systems (databases caches messaging systems) for optimal operation under heavy load. Use metrics and monitoring (APM logging dashboards) to identify bottlenecks and drive improvements.
• multifunctional Collaboration Work closely with product managers business customers and other engineering teams to align the payment platforms capabilities with business requirements. Translate business needs (new payment methods international payments new fraud patterns) into technical designs. Collaborate with Security Cloud Infrastructure and DevOps teams to implement a DevSecOps approach ensuring security and compliance are integrated into the development and deployment lifecycle.
• Innovation & Continuous Improvement Stay uptodate with industry trends in payments fintech and cloud security. Evaluate and recommend new technologies frameworks or approaches (e.g. serverless components encryption techniques payment protocols like 3DS etc. that could enhance the platform. Lead proofofconcept projects and drive continuous improvement of development processes tools and standards.
• Mentorship & Leadership Serve as a mentor and coach for engineers on the team. Conduct design reviews and security reviews share knowledge of best practices in building secure and scalable systems and foster a culture of engineering excellence and accountability. Provide thought leadership in engineering forums and contribute to the growth of the technical organization.

Required Qualifications

• Experience: 10 years of software engineering experience with at least 5 years in designing and building largescale distributed systems (preferably in payments fintech or ecommerce domains). Proven track record as a senior or lead engineer/architect for critically important platforms handling high transaction levels.
• Domain Knowledge: Indepth understanding of payment processing systems (transaction lifecycles payment gateways card networks alternative payment methods) and fraud detection techniques. Handson experience implementing or integrating payment gateways fraud/risk engines or similar financial systems is required.
• Cloud Expertise: Strong experience with cloud platforms (AWS and/or GCP) in a production environment. Ability to design cloudnative systems applying services such as EC2/ECS/EKS or GCE/GKE RDS/Cloud SQL load balancers messaging/queue systems etc. Solid grasp of cloud infrastructure security including IAM policies VPC network design security groups/Firewall rules data encryption (SSL/TLS KMS) and monitoring/auditing.
• Security & Compliance: Deep knowledge of PCI DSS requirements and experience ensuring compliance in payment systems. Familiarity with secure coding practices and standards for handling critical data. Demonstrated experience implementing tokenization encryption and other techniques to protect payment data and reduce systems in PCI scope. Understanding of privacy and compliance considerations in a large merchant context.
• Containerization & Kubernetes: Handson experience deploying and managing applications in Kubernetes (on cloud or onprem). Proficiency with Docker/containerization and managing container security (image scanning using minimal base images handling secrets). Knowledge of Kubernetes components (pods services ingress etc. and security controls (RBAC Network Policies pod security contexts).
• Architecture & Systems Design: Exceptional skills in designing highly available faulttolerant architectures. Experience with microservices architecture eventdriven or messagedriven systems and designing APIs and integrations at enterprise scale. Ability to create clear architecture documentation and diagrams.
• Programming & Tech Stack: Strong development skills in one or more programming languages (e.g. Java Go C# Python or similar) and familiarity with relational and NoSQL databases. Comfortable reviewing code and guiding teams in improving code quality performance and security.
• Leadership & Communication: Excellent leadership and social skills. Ability to influence and drive technical decisions across teams and to communicate sophisticated technical concepts to both technical and nontechnical partners. Prior experience mentoring engineers and leading technical projects or teams.
• Problem Solving: Proven track record fixing and resolving complex technical issues in a highpressure realtime processing environment. Strong analytical thinking and a proactive approach to identifying potential issues and innovating solutions.

Preferred Qualifications

• Industry Experience: Experience in the payments or ecommerce industry at scale such as working with payment service providers acquiring banks or large merchant payment systems. Familiarity with fraud risk management practices in retail/online commerce is a strong plus.
• Advanced Security Knowledge: Knowledge of advanced security frameworks and practices such as Zero Trust architecture secure SDLC threat modeling and incident response processes. Experience implementing DevSecOps practices and using infrastructureascode tools (Terraform/CloudFormation) to enforce security in provisioning.
• Certifications: Relevant industry certifications are a plus e.g. AWS Certified Solutions Architect (Professional level) or Google Cloud Professional Architect for cloud expertise Certified Information Systems Security Professional (CISSP) or Certified Cloud Security Professional (CCSP) for security or PCI Professional (PCIP) / Internal Security Assessor (PCIISA) for PCI compliance.
• Fraud/ML Tools: Exposure to modern fraud prevention tools and techniques. Experience working with or building machine learning models or rulebased systems for fraud detection and risk scoring can be an advantage.
• Performance and Scalability: Experience with performance engineering and tuning of highthroughput systems (Java GC tuning database indexing/sharding caching strategies like Redis etc.. Understanding of queuing and streaming systems (Kafka RabbitMQ etc. for building resilient data pipelines.

Education:

Bachelors degree in Computer Science or related field (required); Masters degree or higher in a relevant field (e.g. Computer Science Security or Data Systems) is preferred. An equivalent combination of education and experience will be considered.

At least 18 years of age

Legally authorized to work in the United States

Travel:

Travel Required (Yes/No):

DOT Regulated:

DOT Regulated Position (Yes/No):No

Safety Sensitive Position (Yes/No):No

Base Pay Range: $133500 $240700

Corporate Bonus Target: 20

The pay range above is the general base pay range for a successful candidate in the role. The successful candidates actual pay will be based on various factors such as work location qualifications and experience so the actual starting pay will vary within this range.

At TMobile employees in regular nontemporary roles are eligible for an annual bonus or periodic sales incentive or bonus based on their role. Most Corporate employees are eligible for a yearend bonus based on company and/or individual performance and which is set at a percentage of the employees eligible earnings in the prior year. Certain positions in Customer Care are eligible for monthly bonuses based on individual and/or team performance. To find the pay range for this role based on hiring location TMobile our benefits exemplify the spirit of One Team Together! A big part of how we care for one another is working to ensure our benefits evolve to meet the needs of our team members. Full and parttime employees have access to the same benefits when eligible. We cover all of the bases offering medical dental and vision insurance a flexible spending account 401(k) employee stock grants employee stock purchase plan paid time off and up to 12 paid holidays which total about 4 weeks for new fulltime employees and about 2.5 weeks for new parttime employees annually paid parental and family leave family building benefits backup care enhanced family support childcare subsidy tuition assistance college coaching short and longterm disability voluntary AD&D coverage voluntary accident coverage voluntary life insurance voluntary disability insurance and voluntary longterm care insurance. We dont stop there eligible employees can also receive mobile service & home internet discounts pet insurance and access to commuter and transit programs! To learn about TMobiles amazing benefits check out.

Never stop growing!
As part of the TMobile team you know the Uncarrier doesnt have a corporate ladderits more like a jungle gym of possibilities! We love helping our employees grow in their careers because its that shared drive to aim high that drives our business and our culture forward. By applying for this career opportunity youre living our values while investing in your career growthand we applaud it. Youre unstoppable!

TMobile USA Inc. is an Equal Opportunity Employer. All decisions concerning the employment relationship will be made without regard to age race ethnicity color religion creed sex sexual orientation gender identity or expression national origin religious affiliation marital status citizenship status veteran status the presence of any physical or mental disability or any other status or characteristic protected by federal state or local law. Discrimination retaliation or harassment based upon any of these factors is wholly inconsistent with how we do business and will not be tolerated.

Talent comes in all forms at the Uncarrier. If you are an individual with a disability and need reasonable accommodation at any point in the application or interview process please let us know by emailing or calling. Please note this contact channel is not a means to apply for or inquire about a position and we are unable to respond to nonaccommodation related requests.