Security Engineer

“The Security Engineer implements security policy within the product”


Security Engineers are responsible for ensuring that product is produced and maintained in a way that is secure and facilitates ongoing monitoring and intrusion detection.


As a Security Engineer, I need to be able to apply best known methods for security to the implementation of product features. I must be able to test all application code against a defined set of standards. I must be able to understand the levels of risk present within our software supply chain.

I need to be able to continuously scan all our assets for newly evolving vulnerabilities that occur within our dependency tree. I must be able to monitor all production environments for signs of attack or intrusion.

Should an incident occur, I must be able to support the response and preserve forensic data, as required. I need to have control over who can access and change specific assets and must have an audit trail of all such changes.

I need to be able to apply security patches in the shortest possible time following the discovery of a zero day vulnerability.

Value Add from Continuous Delivery

  • Reduced lead times in delivering new capabilities
  • Reduced time to restore from failure
  • Reduced change failure rates
  • Increased deployment frequency
  • Automated testing
  • Automated deployment
  • Ongoing asset inspection
Last modified September 12, 2022: Added remaining Views and Viewpoints (b3bfaac)