# Security Engineer Guide
AI-assisted development increases delivery speed but also expands security risk exposure. This guide helps security engineers enforce practical controls without blocking engineering throughput.
## What This Guide Covers
| Section | Outcome |
|---|---|
| Secure Coding Guardrails | Standardized secure coding checks for AI-generated code |
| Threat Modeling AI Code | Lightweight threat modeling integrated into PR workflow |
| Vulnerability Response SLAs | Severity-based remediation workflow with clear ownership |
## Primary Standards
- PRD-STD-004: Security Scanning
- PRD-STD-008: Dependency & License Compliance
- PRD-STD-002: Code Review
## First 30 Days
- Define mandatory AppSec gates for all AI-assisted PRs.
- Align scan thresholds with severity-based SLAs.
- Publish an approved secure-prompt pack in `prompt-library/by-role/security-engineer/`.