There are several roles that are pertinent to security. Remember that these are roles, not positions. Small organizations may have a single person taking on every one of these roles whereas a large organization could have dozens of fine-grained positions. Remember, context counts. We define the following key roles for Disciplined Agile (DA) security:
- Security engineer. Helps teams to understand security fundamentals, to act in such a way as to help secure your organization’s tangible and intangible assets, and to produce secure offerings for their customers. Will help to build a secure operational infrastructure and to evaluate and potentially adopt security tooling — including but not limited to testing tools, code analysis tools, development tool kits, and security infrastructure products. Security engineers will work with external security experts and practitioners to keep abreast of evolving security threats.
- Security manager. A functional manager who leads the security team. They will often work with enterprise architects as a security expert/stakeholder, with executive leadership to help them understand the implications of security, and with external security experts and practitioners to keep abreast of evolving security threats.