OWASP Top 10
Hook a code audit tool into the pipeline
Enforce encryption at rest and in flight
Force logging & monitoring
Know at least one application security scanner tool
Know the fundamentals (AAA, PoLP, RBAC)
Share knowledge with devs and across teams