AppSec Jobs
← Back to all jobs

Liebherr Group

Application Security Architect (m/f/d)

Madrid, Community of Madrid, SpainWebsite

Full details on LinkedIn

The complete job description, requirements, and application details are available on the original posting.

About Liebherr Group

Liebherr Group is a family-owned multinational engineering and technology company founded in 1949 in Kirchdorf, Germany. It specializes in construction machinery, aerospace systems, maritime equipment, and refrigeration products. With around 51,000 employees across more than 50 countries, Liebherr operates over 140 companies worldwide. The company began as a small construction firm and quickly grew through innovation, notably inventing the tower crane to aid post-war reconstruction in Europe. Liebherr's diverse product range includes hydraulic excavators, cranes, concrete technology, maritime cranes, and aerospace components. The company also offers gear technology, automation systems, and refrigeration appliances. Liebherr emphasizes reliability and technological advancement, providing research and development services to enhance payloads and applications across various sectors. Its global presence includes numerous factories and offices, supporting industries such as construction, mining, shipping, and aviation.

Industry

machinery

Employees

55,000

885 engineers

Revenue

$17B

Website

Visit →

Security at Liebherr Group

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

  • Liebherr maintains a Product Security Incident Response Team (PSIRT) responsible for coordinating product security issues.
  • Liebherr publicly states it does not offer a monetary bug bounty, and plans a Hall of Fame for significant reporters.
  • Job postings explicitly describe AppSec responsibilities as integrating security into the SDLC, enabling DevSecOps, threat modeling, and recommending SAST/DAST/IAST tools.

Security Team

  • A Head of Application Security role is defined to report to the Head of Digital Security.
  • Public contacts listed on job pages include Regina Abou el Naga and Karoliina Rissanen.
  • Multiple AppSec-related job postings were live as of (Application Security Architect, Application Security Engineer, Vulnerability Management Product Owner, Head of Application Security).

Key Initiatives

  • Vulnerability management responsibilities include detection, response, remediation support, integrating threat intelligence (KEV, EPSS), automated ticketing, and KPIs/SLAs.
  • AppSec roles are tasked to implement SAST, DAST, IAST, integrate automated security testing into CI/CD, and collaborate with developers for remediation.
  • PSIRT emphasizes coordinated disclosure and encourages reporting from researchers, CERTs, partners, and customers.

Preparing for an AppSec interview?

Get the weekly briefing 2,000+ security pros trust.