Application Security Architect (m/f/d)

The Application Security Architect (m/f/d) designs and implements secure application architectures, defining security controls and policies to protect applications from threats. They provide strategic guidance to developers and security teams.

Please note that the working location for this position will be in Madrid city centre, where we are currently setting up a new office location. Until the office is fully set-up within the next few months, you will have the possibility to work flexibly from home‑office and continue with a hybrid working model afterwards. This position is not a fully remote position, and an onsite presence will be required once our office location is ready.

• Develop and enforce application security architecture frameworks, policies, standards, and best practices to align with compliance requirements (e.g. OWASP, NIST, ISO 27001)
• Review and approve application security designs while ensuring secure software development and architecture
• Integrate security into the software development lifecycle (SDLC) by collaborating with development teams and enabling DevSecOps practices
• Adopt and promote a security‑by‑design approach with the different stakeholders
• Conduct threat modeling, security reviews, and risk assessments to proactively identify and mitigate vulnerabilities
• Evaluate, recommend, and oversee security tools and testing solutions (SAST, DAST, IAST) to strengthen application security
• Define security strategies for applications (e.g. IAM) and implement Security Principles such as Zero Trust
• Actively contribute to the Corporate Information Security architecture community, sharing insights and best practices
• Collaborate with IT, EA, DevOps and Engineering Team to align security Objectives

• Bachelor's/Master's in Cybersecurity, Computer Science, or related field
• 3+ years in cybersecurity, preferably in application security architecture role
• Following certificates are preferred; CISSP, SABSA as well as Cloud certifications (AWS, Azure, or GCP)
• English is a Must, German and French are a plus
• Good understanding of cybersecurity frameworks and standards (ISO 27001, NIST)
• Expertise in OWASP, SSDLC, and DevSecOps, with strong knowledge of secure software architecture
• Strong understanding of microservices security, API security, and IAM (e.g. OAuth, SAML, JWT)
• Knowledge of cloud‑native security and CI/CD integration (e.g. Jenkins, GitHub Actions)
• Experience with container security and cloud platforms (e.g. AWS, Azure, GCP, Docker, Kubernetes)

As an internationally successful family business, the Liebherr Group offers you a secure job, a unique variety of tasks and exciting development opportunities. Become part of our strong team today and get to know the Liebherr Group as a reliable partner. Profit from these benefits:

• Attractive salary and social benefits
• Flexible and hybrid working
• Freedom for creative work
• Safe and secure workplace
• Individual development and training opportunities
• Meal voucher
• Life and accident insurance
• Exclusive offer for a premium private health insurance package
• Bonus payments for Christmas and holidays, based on the collective agreement

Please only use the online application option.

Please note that we do not accept applications via recruitment agencies for this position.

Have we awoken your interest? Then we look forward to receiving your online application. If you have any questions, please contact Karoliina Rissanen.

Liebherr is a family‑run technology company that is not only one of the largest construction machinery manufacturers in the world, but also offers high‑quality, user‑oriented products and services in many other areas. The Group employs nearly 50,000 people in more than 140 companies on all continents.

Liebherr IT Shared Service Centre Ibérica, S.L.
Madrid
Spain (ES)

Karoliina Rissanen
karoliina.rissanen@liebherr.com