At T-Mobile, we invest in YOU! Our Total Rewards Package ensures that employees get the same big love we give our customers. All team members receive a competitive base salary and compensation package - this is Total Rewards. Employees enjoy multiple wealth-building opportunities through our annual stock grant, employee stock purchase plan, 401(k), and access to free, year-round money coaches. That's how we're UNSTOPPABLE for our employees!
Are you ready to join the Un-carrier movement?
The Principal Engineer is a senior technical leader responsible for the end-to-end architecture and delivery of a highly scalable payment processing & fraud management platform. In this role, you will define the technical strategy and drive the hands-on development of a secure, resilient infrastructure that processes transactions at extensive scale. You will provide architectural leadership and ownership of the platform's design, ensuring high availability, low latency performance, and robustness against failures. Security is a paramount focus. The Principal Engineer will champion standard processes in cloud infrastructure security, payment data protection (PCI compliance, tokenization), and Kubernetes/container orchestration security to safeguard our systems and customers. This role combines strategic vision with active contribution, collaborating multi-functionally to deliver a world-class payments platform that is innovative, reliable, and secure.
We are a team that encourages innovation and advocates an agile and open approach, truly working and playing in the Un-carrier way!
Key Responsibilities
- Technical Strategy - Define the technical roadmap and engineering strategy for payments and fraud systems. Make high-impact decisions on system design, technology selection, and architectural patterns (e.g. microservices, event-driven architectures) that align with long-term business goals.
- Hands-On Development - Lead by example with active involvement in coding, code reviews, and prototyping of critical platform components. Solve complex technical problems in real-time payment processing and implement solutions that improve performance, reliability, and security.
- Secure Cloud Infrastructure - Design and maintain a secure cloud environment (preferably on AWS or GCP) for the payment platform. Implement standard methodologies in identity and access management (IAM), network segmentation and VPC design, and data encryption (in transit and at rest using KMS or similar). Ensure cloud architecture aligns with security standards and regulatory requirements, using tools for intrusion detection, logging/monitoring, and cloud compliance audits.
- Payment Security & Compliance - Champion payment data security across the platform. Ensure end-to-end PCI DSS compliance for all payment processes and services, including implementing tokenization and encryption to protect critical cardholder data and reduce PCI scope. Design secure payment processing flows and APIs that guard against threats and fraud while maintaining a seamless customer experience. Collaborate with Compliance and InfoSec teams to pass audits and continuously strengthen our payment security posture.
- Fraud Prevention - Integrate and enhance fraud detection mechanisms within the platform. Architect solutions for real-time fraud scoring, anomaly detection, and risk rules engine to minimize fraudulent transactions. Optimize workflows to balance robust fraud prevention with low false positives, protecting revenue and customer trust. Evaluate emerging fraud prevention tools, machine learning models, or third-party services, and lead proof-of-concept efforts to improve our fraud detection capabilities.
- Kubernetes & Container Security - Oversee the security of our containerized applications and Kubernetes orchestration. Implement Kubernetes security practices: ensure secure pod configurations (e.g. least privilege, no privileged containers), implement network policies for pod communication, and handle cluster RBAC for strict access control. Manage secrets and critical configuration using secure stores, and deploy runtime security measures (monitoring, vulnerability scanning, image security policies) to protect the platform's container environment.
- Resilience - Design for high availability and disaster recovery. Implement redundancy, failover mechanisms, and graceful degradation strategies across services to ensure uninterrupted payment processing. Lead initiatives for chaos testing and simulation of failure scenarios to continually improve system robustness.
- Architect & Lead - Design and evolve a scalable, fault-tolerant system capable of high transaction volumes with near-zero downtime. Provide technical leadership and mentorship to engineering teams, setting coding, design, and quality standards.
- Performance & Scalability - Continuously optimize platform performance. Guide the design of low-latency, high-throughput transaction processing pipelines and tune systems (databases, caches, messaging systems) for optimal operation under heavy load. Use metrics and monitoring (APM, logging, dashboards) to identify bottlenecks and drive improvements.
- Multi-functional Collaboration - Work closely with product managers, business customers, and other engineering teams to align the payment platform's capabilities with business requirements. Translate business needs (new payment methods, international payments, new fraud patterns) into technical designs. Collaborate with Security, Cloud Infrastructure, and DevOps teams to implement a DevSecOps approach, ensuring security and compliance are integrated into the development and deployment lifecycle.
- Innovation & Continuous Improvement - Stay up-to-date with industry trends in payments, fintech, and cloud security. Evaluate and recommend new technologies, frameworks, or approaches (e.g. serverless components, encryption techniques, payment protocols like 3DS, etc.) that could enhance the platform. Lead proof-of-concept projects and drive continuous improvement of development processes, tools, and standards.
- Mentorship & Leadership - Serve as a mentor and coach for engineers on the team. Conduct design reviews and security reviews, share knowledge of best practices in building secure and scalable systems, and foster a culture of engineering excellence and accountability. Provide thought leadership in engineering forums and contribute to the growth of the technical organization.
Required Qualifications
- Experience: 10+ years of software engineering experience, with at least 5 years in designing and building large-scale, distributed systems (preferably in payments, fintech, or e-commerce domains). Proven track record as a senior or lead engineer/architect for critically important platforms handling high transaction levels.
- Domain Knowledge: In-depth understanding of payment processing systems (transaction lifecycles, payment gateways, card networks, alternative payment methods) and fraud detection techniques. Hands-on experience implementing or integrating payment gateways, fraud/risk engines, or similar financial systems is required.
- Cloud Expertise: Strong experience with cloud platforms (AWS and/or GCP) in a production environment. Ability to design cloud-native systems applying services such as EC2/ECS/EKS or GCE/GKE, RDS/Cloud SQL, load balancers, messaging/queue systems, etc. Solid grasp of cloud infrastructure security - including IAM policies, VPC network design, security groups/Firewall rules, data encryption (SSL/TLS, KMS), and monitoring/auditing.
- Security & Compliance: Deep knowledge of PCI DSS requirements and experience ensuring compliance in payment systems. Familiarity with secure coding practices and standards for handling critical data. Demonstrated experience implementing tokenization, encryption, and other techniques to protect payment data and reduce systems in PCI scope. Understanding of privacy and compliance considerations in a large merchant context.
- Containerization & Kubernetes: Hands-on experience deploying and managing applications in Kubernetes (on cloud or on-prem). Proficiency with Docker/containerization, and managing container security (image scanning, using minimal base images, handling secrets). Knowledge of Kubernetes components (pods, services, ingress, etc.) and security controls (RBAC, Network Policies, pod security contexts).
- Architecture & Systems Design: Exceptional skills in designing highly available, fault-tolerant architectures. Experience with microservices architecture, event-driven or message-driven systems, and designing APIs and integrations at enterprise scale. Ability to create clear architecture documentation and diagrams.
- Programming & Tech Stack: Strong development skills in one or more programming languages (e.g. Java, Go, C#, Python, or similar) and familiarity with relational and NoSQL databases. Comfortable reviewing code and guiding teams in improving code quality, performance, and security.
- Leadership & Communication: Excellent leadership and social skills. Ability to influence and drive technical decisions across teams and to communicate sophisticated technical concepts to both technical and non-technical partners. Prior experience mentoring engineers and leading technical projects or teams.
- Problem Solving: Proven track record fixing and resolving complex technical issues in a high-pressure, real-time processing environment. Strong analytical thinking and a proactive approach to identifying potential issues and innovating solutions.
Preferred Qualifications
- Industry Experience: Experience in the payments or e-commerce industry at scale, such as working with payment service providers, acquiring banks, or large merchant payment systems. Familiarity with fraud risk management practices in retail/online commerce is a strong plus.
- Advanced Security Knowledge: Knowledge of advanced security frameworks and practices, such as Zero Trust architecture, secure SDLC, threat modeling, and incident response processes. Experience implementing DevSecOps practices and using infrastructure-as-code tools (Terraform/CloudFormation) to enforce security in provisioning.
- Certifications: Relevant industry certifications are a plus - e.g. AWS Certified Solutions Architect (Professional level) or Google Cloud Professional Architect for cloud expertise, Certified Information Systems Security Professional (CISSP) or Certified Cloud Security Professional (CCSP) for security, or PCI Professional (PCIP) / Internal Security Assessor (PCI-ISA) for PCI compliance.
- Fraud/ML Tools: Exposure to modern fraud prevention tools and techniques. Experience working with or building machine learning models or rule-based systems for fraud detection and risk scoring can be an advantage.
- Performance and Scalability: Experience with performance engineering and tuning of high-throughput systems (Java GC tuning, database indexing/sharding, caching strategies like Redis, etc.). Understanding of queuing and streaming systems (Kafka, RabbitMQ, etc.) for building resilient data pipelines.
Education: Bachelor's degree in Computer Science or related field (required); Master's degree or higher in a relevant field (e.g. Computer Science, Security, or Data Systems) is preferred. An equivalent combination of education and experience will be considered.
- At least 18 years of age
- Legally authorized to work in the United States
Travel: Travel Required (Yes/No):
DOT Regulated: DOT Regulated Position (Yes/No): No
Safety Sensitive Position (Yes/No): No
Base Pay Range: $133,500 - $240,700
Corporate Bonus Target: 20%
The pay range above is the general base pay range for a successful candidate in the role. The successful candidate's actual pay will be based on various factors, such as work location, qualifications, and experience, so the actual starting pay will vary within this range.
At T-Mobile, employees in regular, non-temporary roles are eligible for an annual bonus or periodic sales incentive or bonus, based on their role. Most Corporate employees are eligible for a year-end bonus based on company and/or individual performance and which is set at a percentage of the employee's eligible earnings in the prior year. Certain positions in Customer Care are eligible for monthly bonuses based on individual and/or team performance. To find the pay range for this role based on hiring location, click here.
At T-Mobile, our benefits exemplify the spirit of One Team, Together! A big part of how we care for one another is working to ensure our benefits evolve to meet the needs of our team members. Full and part-time employees have access to the same benefits when eligible. We cover all of the bases, offering medical, dental and vision insurance, a flexible spending account, 401(k), employee stock grants, employee stock purchase plan, paid time off and up to 12 paid holidays - which total about 4 weeks for new full-time employees and about 2.5 weeks for new part-time employees annually - paid parental and family leave, family building benefits, back-up care, enhanced family support, childcare subsidy, tuition assistance, college coaching, short- and long-term disability, voluntary AD&D coverage, voluntary accident coverage, voluntary life insurance, voluntary disability insurance, and voluntary long-term care insurance. We don't stop there - eligible employees can also receive mobile service & home internet discounts, pet insurance, and access to commuter and transit programs! To learn about T-Mobile's amazing benefits, check out www.t-mobilebenefits.com.
Never stop growing! As part of the T-Mobile team, you know the Un-carrier doesn't have a corporate ladder - it's more like a jungle gym of possibilities! We love helping our employees grow in their careers, because it's that shared drive to aim high that drives our business and our culture forward. By applying for this career opportunity, you're living our values while investing in your career growth - and we applaud it. You're unstoppable!
T-Mobile USA, Inc. is an Equal Opportunity Employer. All decisions concerning the employment relationship will be made without regard to age, race, ethnicity, color, religion, creed, sex, sexual orientation, gender identity or expression, national origin, religious affiliation, marital status, citizenship status, veteran status, the presence of any physical or mental disability, or any other status or characteristic protected by federal, state, or local law. Discrimination, retaliation or harassment based upon any of these factors is wholly inconsistent with how we do business and will not be tolerated.
Talent comes in all forms at the Un-carrier. If you are an individual with a disability and need reasonable accommodation at any point in the application or interview process, please let us know by emailing ApplicantAccommodation@t-mobile.com or calling 1-844-873-9500. Please note, this contact channel is not a means to apply for or inquire about a position and we are unable to respond to non-accommodation related requests.