These days cloud application developers are also security engineers. Who did not see this coming, given that application-level security is no longer an option? Also, we are pushing developers to build applications at scale, meaning they are becoming ops engineers and database engineers as well as security engineers, which is scary.
The fact that most developers are not security experts is not lost on me. This has led to devsecops practices where developers are given training, tools, and processes to build and deploy more secure cloud-based applications.