Application Security Architect

The Application Security Architect (m/f/d) designs and implements secure application architectures, defining security controls and policies to protect applications from threats. They provide strategic guidance to developers and security teams. Location: Please note that the working location for this position will be in Madrid city centre , where we are currently setting up a new office location. Until the office is fully set-up within the next few months, you will have the possibility to work flexibly from home‑office and continue with a hybrid working model afterwards. This position is not a fully remote position, and an onsite presence will be required once our office location is ready. Creating passion: your responsibilities Develop and enforce application security architecture frameworks, policies, standards, and best practices to align with compliance requirements (e.g. OWASP, NIST, ISO 27001) Review and approve application security designs while ensuring secure software development and architecture Integrate security into the software development lifecycle (SDLC) by collaborating with development teams and enabling DevSecOps practices Adopt and promote a security‑by‑design approach with the different stakeholders Conduct threat modeling, security reviews, and risk assessments to proactively identify and mitigate vulnerabilities Evaluate, recommend, and oversee security tools and testing solutions (SAST, DAST, IAST) to strengthen application security Define security strategies for applications (e.g. IAM) and implement Security Principles such as Zero Trust Actively contribute to the Corporate Information Security architecture community, sharing insights and best practices Collaborate with IT, EA, DevOps and Engineering Team to align security Objectives Contributing your strengths: your qualifications Bachelor's/Master's in Cybersecurity, Computer Science, or related field 3+ years in cybersecurity, preferably in application security architecture role Following certificates are preferred; CISSP, SABSA as well as Cloud certifications (AWS, Azure, or GCP) English is a Must, German and French are a plus Good understanding of cybersecurity frameworks and standards (ISO 27001, NIST) Expertise in OWASP, SSDLC, and DevSecOps, with strong knowledge of secure software architecture Strong understanding of microservices security, API security, and IAM (e.g. OAuth, SAML, JWT) Knowledge of cloud‑native security and CI/CD integration (e.g. Jenkins, GitHub Actions) Experience with container security and cloud platforms (e.g. AWS, Azure, GCP, Docker, Kubernetes) Our commitment to you: your benefits As an internationally successful family business, the Liebherr Group offers you a secure job, a unique variety of tasks and exciting development opportunities. Become part of our strong team today and get to know the Liebherr Group as a reliable partner. Profit from these benefits: Attractive salary and social benefits Flexible and hybrid working Freedom for creative work Safe and secure workplace Individual development and training opportunities Meal voucher Life and accident insurance Exclusive offer for a premium private health insurance package Bonus payments for Christmas and holidays, based on the collective agreement Please only use the online application option. Please note that we do not accept applications via recruitment agencies for this position. Have we awoken your interest? Then we look forward to receiving your online application. If you have any questions, please contact Karoliina Rissanen. One Passion. Many Opportunities. The company Liebherr is a family‑run technology company that is not only one of the largest construction machinery manufacturers in the world, but also offers high‑quality, user‑oriented products and services in many other areas. The Group employs nearly 50,000 people in more than 140 companies on all continents. Location Liebherr IT Shared Service Centre Ibérica, S.L. Madrid Spain (ES) Contact Karoliina Rissanen #J-18808-Ljbffr