Do you have an individual that gets assigned a security role and takes on the perspective of analyzing architecture early on? Gets involved in story planning/requirements building? Do you have someone that is dedicated to security that does this?
I think it's really important for security to be everyone's job. And I don't just mean every engineer; I mean every single person at a company from the CEO to the housekeeping staff.
Some people are experts, and they can have a large sphere of influence. Other people aren't experts, and their sphere of influence will be smaller. But everyone should think about the security and privacy implications of the work they do, whether that work is managing infrastructure, writing code, reading emails, answering phone calls, or cleaning the office.
In terms of engineering specifically, I think one of the most valuable things each engineer can do is think about how to break stuff.
Security is fundamentally about information: who can see it, who can change it, and the processes through which those things happen. So when I'm planning a change or writing code or configuring infrastructure or something, I try to imagine the information that will be flowing through the features I'm planning, the code I'm writing, or the services I'm configuring. I imagine the roadblocks it'll encounter and the unexpected detours it might take. In less abstract terms: I try to think of ways to break the stuff I'm building, and then I do my best to prevent that from happening.
Prevention may mean doing something simple like ensuring that user input gets sanitized properly, or it may mean seeking out an expert who can help me understand something more complicated that I don't fully understand yet.