We are growing our Global Corporate Information Security team and we are seeking a Product Owner for Network Security - Segmentation & Firewall Platforms (m/f/d) to own, operate, and continuously evolve our enterprise network segmentation and firewall enforcement capabilities.
This is a hands‐on, senior engineering role with end‐to‐end responsibility for network traffic control, covering both north‐south and east‐west flows, across on‐premises, hybrid, and cloud environments.
You will be the technical authority for segmentation strategy, firewall platforms, and firewall governance. Vendor brand is secondary, strong networking fundamentals, security architecture reasoning, and engineering judgment are mandatory.
This role reports to the Head of Network Security.
The working location for this position will be in Madrid city, where we operate a hybrid model, requiring at least 40% of the working time on‐site.
Creating passion: your responsibilitiesProduct & Service Ownership
Own the Segmentation & Firewall service end‐to‐end, including:
Network segmentation (macro and microsegmentation).
Firewall platforms (physical, virtual, cloud, FWaaS).
Firewall governance and policy lifecycle.
Define and maintain segmentation models, firewall standards, and reference architectures.
Act as the primary technical point of contact for all segmentation and firewall‐related topics.
Drive service evolution through roadmap planning, technical debt reduction, and continuous improvement.
Engineering & Operations
Operate as L2/L3 escalation for firewall and segmentation‐related incidents:
Deep technical troubleshooting.
Ownership of incidents from escalation to closure.
Vendor coordination for high‐severity cases.
Delivery of Root Cause Analysis (RCA) and corrective actions.
Ensure firewall platforms are:
Properly configured and hardened.
Running supported and recommended software versions.
Maintained with controlled, tested policy changes.
Own hardware, virtual appliance, and subscription lifecycles.
Enablement & Leadership
Work closely with:
Network engineering teams, Cloud and platform teams, Application and WAS owners, SOC and incident response teams.
Provide technical guidance and training to internal engineers and external partners.
Act as a reference authority in insourced or outsourced / MSSP models.
Contributing your strengths: your qualifications
Bachelor's or Master's degree in Cybersecurity, Computer Science, Information Systems, or a related field.
Strong background in network engineering, including: TCP/IP, routing, VLANs, VRFs. Network traffic flows and trust boundaries.
Solid understanding of network security architecture principles.
Ability to reason about complex environments and failure modes.
Proven hands‐on experience operating enterprise firewall platforms.
Strong understanding of:
Stateful vs stateless inspection.
L3‐L7 policy enforcement.
East‐west and north‐south traffic control.
Experience designing and operating segmentation and microsegmentation models.
Familiarity with FWaaS and cloud‐native firewall constructs.
Strong experience with firewall policy management and assurance platforms in multi‐vendor environments, including how to operate them in line with industry best practices.
Practical understanding of how such platforms support:
Policy compliance.
Risk analysis.
Change validation.
Audit and reporting requirements.
Working knowledge of: Load balancing, IPAM, WAN technologies, Virtualized and cloud networking.
Exposure to SASE concepts (FWaaS, ZTNA, SWG) is an advantage.
Experience with one or more of the following vendors is beneficial, but vendor lock‐in is not expected: Palo Alto Networks, Check Point, Fortinet, Cisco, Cloud and FWaaS providers.
Relevant vendor or industry certifications are valued.
Fluency in English (written and spoken).
Our commitment to you: your benefits
Competitive compensation and benefits package that recognizes your expertise
Flexible and hybrid working model
Creative freedom and responsibility to shape processes and solutions in our global transformation
Continuous learning and development with tailored training and certification opportunities
Meal vouchers
Life and accident insurance
Option to include a premium private health insurance package as part of the flexible remuneration
A safe, stable and international workplace within a trusted family business that invests in people
LocationLiebherr IT Shared Service Centre Ibérica, S.L.
Parque Norte. Alamo building Serrano Galvache, 56
28033 Madrid
Spain (ES)
ContactKaroliina Rissanen
karoliina.rissanen@liebherr.com
#J-18808-Ljbffr