Security Specialist

Derq is an MIT spinoff powering the future of connected and autonomous roads, enhancing road safety and traffic management through our AI-driven smart infrastructure platform. Recently, we secured strategic investments from e& Capital and AT&T Ventures, fueling our growth and mission to make cities smarter and safer.

We're a team of passionate innovators, leveraging the latest in AI and technology to transform the future of mobility. With funding from e& Capital and AT&T Ventures, we're scaling rapidly across the U.S., GCC, and beyond.

Joining us means being at the forefront of smart infrastructure innovation, working alongside industry experts, and directly impacting road safety and autonomous technology. Together, we're creating a safer, smarter, and more sustainable future.

Role Overview

We're looking for a Security Specialist to help strengthen Derq's security posture as we scale our platform. This role focuses on application, cloud, and data security, working closely with Engineering, Product, and Infrastructure teams to embed security into how we build and operate.

This is a hands-on role with real ownership, not a purely advisory position.

Responsibilities

Platform & Application Security

• Identify, assess, and mitigate security risks across Derq's platform and services
• Support secure design reviews for new features and architectures
• Conduct threat modeling and risk assessments
• Partner with engineering teams on secure coding practices and remediation
  
  

Cloud & Infrastructure Security

• Help secure cloud environments (AWS, GCP, Azure)
• Review IAM, access controls, secrets management, and network security
• Support vulnerability scanning and remediation efforts
• Monitor and respond to security incidents
  
  

Security Operations

• Define and improve security policies, standards, and controls
• Support incident response and post-incident reviews
• Work with external vendors, auditors, and customers on security-related questions
• Help prepare for security assessments (SOC 2, ISO 27001, customer security reviews)
  
  

Awareness & Enablement

• Partner with Engineering and Product to embed security early in the development lifecycle
• Raise security awareness across teams without slowing delivery
• Contribute to internal documentation and security best practices
  
  

Requirements

• 6-8+ years of experience in security engineering, application security, or cloud security
• Strong understanding of web application security (OWASP Top 10)
• Experience securing cloud-based platforms, including IAM, networking, and encryption
• Familiarity with CI/CD security, vulnerability scanning, and monitoring tools
• Comfortable working in fast-moving, startup environments
• Able to clearly explain security risks to non-security stakeholders
• Experience with SOC 2, ISO 27001, or similar frameworks
• Experience in IoT, ITS, smart mobility, or data-heavy platforms is a plus
• Scripting or automation skills (e.g., Python, Bash)
• Background working closely with product and engineering teams