Application Security Architect

working location for this position will be in Madrid city centre, where we are currently setting up a new office location. Until the office is fully set-up within the next few months, you will have the possibility to work flexibly from home-office and continue with a hybrid working model afterwards. This position is not a fully remote position, and an onsite presence will be required once our office location is ready.

Creating passion: your responsibilities

• Develop and enforce application security architecture frameworks, policies, standards, and best practices to align with compliance requirements (e.g. OWASP, NIST, ISO 27001)
• Review and approve application security designs while ensuring secure software development and architecture
• Integrate security into the software development lifecycle (SDLC) by collaborating with development teams and enabling DevSecOps practices
• Adopt and promote a security-by-design approach with the different stakeholders
• Conduct threat modeling, security reviews, and risk assessments to proactively identify and mitigate vulnerabilities
• Evaluate, recommend, and oversee security tools and testing solutions (SAST, DAST, IAST) to strengthen application security
• Define security strategies for applications (e.g. IAM) and Implement Security Principles such as Zero Trust
• Actively contribute to the Coporate Information Security architecture community, sharing insights and best practices
• Collaborate with IT, EA, DevOps amd Engineering Team to align security Objectives

• Bachelor's/Master's in Cybersecurity, Computer Science, or related field
• 3+ years in cybersecurity, preferably in application security architecture role
• Following certificates are preferred; CISSP, SABSA as well as Cloud certifications (AWS, Azure, or GCP)
• English is a Must, German and French are a plus
• Good understanding of cybersecurity frameworks and standards (ISO 27001, NIST)
• Expertise in OWASP, SSDLC, and DevSecOps, with strong knowledge of secure software architecture
• Strong understanding of microservices security, API security, and IAM (e.g. OAuth, SAML, JWT)
• Knowledge of cloud-native security and CI/CD integration (e.g. Jenkins, GitHub Actions)
• Experience with container security and cloud platforms (e.g. AWS, Azure, GCP, Docker, Kubernetes)

As an internationally successful family business, the Liebherr Group offers you a secure job, a unique variety of tasks and exciting development opportunities. Become part of our strong team today and get to know the Liebherr Group as a reliable partner. Profit from these benefits:

• Attractive salary and social benefits
• Flexible and hybrid working
• Freedom for creative work
• Safe and secure workplace
• Individual development and training opportunities
• Meal voucher
• Life and accident insurance
• Exclusive offer for a premium private health insurance package
• Bonus payments for Christmas and holidays, based on the collective agreement

Liebherr is a family-run technology company that is not only one of the largest construction machinery manufacturers in the world, but also offers high-quality, user-oriented products and services in many other areas. The Group employs nearly 50,000 people in more than 140 companies on all continents.