In most large organizations, security and engineering operate in different orbits. Security identifies risks. Engineering builds features. When they interact, it’s usually because something needs to be blocked or approved.
The gap isn’t technical. Security engineers understand code. Software engineers understand threat models. The gap is incentive alignment.
Security is measured by the absence of incidents. Engineering is measured by delivery velocity. When those metrics conflict, neither team wins. The organization just accumulates technical debt disguised as process.