Security engineers & AppSec teams

The Security Engineering Stack

Threat modeling, security code review, zero-trust architecture, secrets management, ISO 27001, GDPR compliance, and ISMS auditing.

New to Agent Skills?

Click any skill below to read what it does, then install it into Claude Code, ChatGPT, Claude.ai, or another agent in minutes.

Skills in this stack

Senior Security Engineer

Development

Threat modeling, penetration testing guidance, zero-trust architecture design, and security code review from a senior security engineering perspective.

Claude Code, Codex CLI, Gemini CLI

Environment & Secrets Manager

Development

Design secure secrets management workflows — vaults, rotation policies, environment variable hygiene, and developer-friendly secret distribution.

Claude Code, Codex CLI, Gemini CLI

GDPR/DSGVO Expert

Compliance

Navigate EU GDPR and German DSGVO compliance — data processing agreements, DPIAs, privacy policies, consent management, and data subject rights workflows.

Claude Code, Codex CLI, Gemini CLI

Information Security Manager (ISO 27001)

Compliance

Implement and manage an ISMS per ISO 27001/27002 — risk assessments, security controls, incident management, and certification readiness.

Claude Code, Codex CLI, Gemini CLI

ISMS Audit Expert

Compliance

Conduct ISO 27001 internal audits — audit planning, evidence collection, nonconformance identification, and management review preparation.

Claude Code, Codex CLI, Gemini CLI

Stack details

Skills: 5
Audience: Security engineers & AppSec teams
License: Free & open source

Claude skills for security engineers and AppSec teams cover both the technical and compliance dimensions of security work — threat modeling and code review on one side, ISO 27001 and GDPR documentation on the other. Most security teams handle these separately. This stack covers both so engineers have structured support for security decisions and the compliance documentation that comes alongside them.

What these skills do

Senior Security Engineer

Get senior security engineering perspective on architecture decisions — threat modeling, security design review, zero-trust implementation, authentication and authorization patterns, and the security tradeoffs that affect system design. Useful for reviewing new systems, assessing existing ones, or making decisions on security controls.

Environment & Secrets Manager

Design and implement secrets management practices — secret rotation, environment variable handling, vault configuration, and the operational security patterns that prevent credential exposure in development and production systems. Covers common platforms and the CI/CD integration patterns that matter in practice.

GDPR Expert

Assess data processing activities against GDPR requirements, draft privacy notices and data processing agreements, run Data Protection Impact Assessments, and document the lawful basis for processing activities. Covers the specific requirements for special category data and the cross-border transfer mechanisms that apply post-Schrems II.

Information Security Manager — ISO 27001

Design and document an information security management system to ISO 27001 standard — risk assessment methodology, Annex A control selection, Statement of Applicability, and the documentation structure that supports certification. Covers both initial ISMS design and the ongoing maintenance requirements.

ISMS Audit Expert

Prepare for and conduct ISMS audits — internal audit planning, evidence gathering, control effectiveness assessment, nonconformity identification, and the audit reporting format that gives leadership a clear picture of ISMS health.

Who this is for

  • Security engineers and AppSec teams doing threat modeling and security code review
  • Engineering teams implementing zero-trust architecture or managing secrets at scale
  • Security leads responsible for ISO 27001 certification or ISMS audit preparation
  • Engineering teams in regulated industries where GDPR compliance is a recurring requirement

For broader infrastructure security including CI/CD pipeline security, see the DevOps & Platform Stack. For the compliance and quality management angle in regulated industries, see the Compliance & Quality Stack.