
Staff+ engineers play a critical role in designing, scaling and influencing the security posture of an organization. Their key areas of expertise include developing security strategy and governance, incident response leadership, automation, compliance/risk management and cross-org collaboration to shape security culture. Together, these capabilities are essential to enhancing application security and the effectiveness of their organizations.
However, in our experience, many staff+ security engineers face scaling challenges. Instead of leveraging their expertise to drive broad, cross-stack impact, they tend to concentrate on specific incidents or focus areas, which limits their ability to extend their influence and strategic reach. This scaling problem has consequences for both the organization and the engineers' personal goals.
Leadership also regards staff+ engineers as trusted advisors who help them make high-judgment decisions. However, when engineers get stuck on specific tactical incidents or solutions, leaders are left without their strategic insights. Conversely, staff+ engineers who are too busy in the weeds fail to proactively look out for their “leaders’ problems.” Leaders perceive these engineers as too busy and hesitate to increase their scope or loop them into broader discussions, which ultimately leads to missed opportunities for the staff+ security engineers.
