by Welma Koshak · 9 min read

7 Claude Skills for Security Engineers That Speed Up the Analysis Work

The best Agent Skills for security engineers and AppSec teams — threat modeling, SAST/DAST, CVE triage, GDPR, ISO 27001, secrets management, and more. Works with Claude Code.


A CVE drops on a Friday afternoon. By Monday you need to know if your dependency tree is affected, severity score in context, and a prioritised remediation plan. Meanwhile, the ISO 27001 surveillance audit is in six weeks and the ISMS documentation hasn’t been updated since the last one. And the new product feature ships next sprint — someone needs to threat model it before it goes to production.

The analysis work — the judgment calls about what’s a real risk, what’s a false positive, how severe a finding actually is in your environment — requires deep expertise and can’t be templated. The surrounding layer — threat model documents, compliance frameworks, audit evidence, architecture review reports, GDPR DPIAs — follows defined structures and takes time that should be going into the analysis. Agent Skills handle the documentation and process layer so engineers can spend more time on the analysis itself. Install a skill once and Claude produces that deliverable the same way every time, following the same framework, at the same level of rigour.

The seven skills below cover the full security engineering scope: architecture review, SecOps, dependency auditing, secrets management, GDPR compliance, ISO 27001 ISMS design, and ISMS auditing. A note before we start: these are reasoning and documentation tools. Security judgment and final verification always stay with the engineer.

The skills

1. Senior Security Engineer

Security architecture decisions made early are cheap to change. Security architecture decisions discovered late — in a pentest, a bug bounty report, or an incident — are expensive. The difference is usually whether the attack surface got a structured review before the system was built.

The Senior Security Engineer skill gives Claude a structured senior security engineering perspective on architecture and design questions: threat modeling for a new system or feature, authentication and authorisation control design, zero-trust architecture principles applied to a specific environment, security code review for common vulnerability patterns, and the attack surface analysis that surfaces issues before they reach production.

Use it when reviewing a new system’s attack surface before it goes to production, when designing authentication and authorisation controls for a new service, or when working through a security architecture decision and you want a structured second opinion before committing to an approach.

npx skills add alirezarezvani/claude-skills --skill engineering-team/senior-security

2. Senior SecOps Engineer

Security operations work — scanning, triage, remediation prioritisation, compliance preparation — is high-volume and highly structured. The same CVE triage process, the same SAST scan review, the same SOC2 control evidence collection. Doing it consistently and efficiently across a large codebase and a growing vulnerability backlog requires a structured workflow.

The Senior SecOps Engineer skill gives Claude a structured senior SecOps perspective on operational security work: SAST and DAST scanning automation and results interpretation, CVE triage methodology and remediation prioritisation frameworks, SOC2 compliance workflow design and evidence collection, and the security operations processes that keep a team ahead of the vulnerability backlog rather than perpetually behind it.

Use it when prioritising a vulnerability backlog and you need a framework for deciding which findings to address in what order, when designing a scanning pipeline and you want a structured approach to integrating SAST/DAST into CI/CD, or when preparing for a SOC2 audit and you need a structured view of the required evidence.

npx skills add alirezarezvani/claude-skills --skill engineering-team/senior-secops

3. Dependency Auditor

Third-party dependencies are the largest uncontrolled attack surface in most codebases. A CVE in a transitive dependency, a package with a permissive license that creates legal risk, an outdated library version that’s no longer receiving security patches — these issues accumulate quietly and surface at the worst times.

The Dependency Auditor skill gives Claude a structured approach to auditing project dependencies: scanning for known vulnerabilities mapped to CVE severity, identifying outdated packages and their upgrade paths, flagging license types that create legal or compliance risk, identifying dependency bloat, and producing a prioritised remediation plan that distinguishes the critical fixes from the nice-to-haves.

Use it before any release where a CVE in the dependency tree would be a problem, when a new CVE drops and you need to assess whether your dependency tree is affected, or as a regular audit cadence on projects where the dependency graph has grown without systematic review.

npx skills add alirezarezvani/claude-skills --skill engineering/dependency-auditor

4. Environment & Secrets Manager

Credential sprawl is one of the most consistent sources of security incidents in engineering organisations. Secrets hardcoded in source files, rotation policies that exist on paper but not in practice, CI/CD pipelines with broader secret access than they need, local development environments with production credentials — the exposure accumulates as the team and the infrastructure grow.

The Environment & Secrets Manager skill gives Claude a structured approach to designing secure secrets management workflows: vault configuration and access policy design, rotation policy implementation (automatic and manual), environment variable hygiene across local, staging, and production, CI/CD pipeline integration that scopes secret access to the minimum required, and developer-friendly secret distribution that doesn’t create shadow secret stores.

Use it when designing secrets management for a new service or environment, when auditing how credentials are currently handled across an existing system, or when a security review has identified secrets management as a gap that needs structured remediation.

npx skills add alirezarezvani/claude-skills --skill engineering/env-secrets-manager

5. GDPR/DSGVO Expert

GDPR compliance is a continuous operational requirement, not a one-time implementation project. New features that touch personal data require DPIAs. Data processing agreements need to be in place with vendors before data flows to them. Data subject requests have statutory response timelines. Privacy policies need to reflect the actual processing activities, not an idealised version of them.

The GDPR/DSGVO Expert skill gives Claude a structured approach to EU GDPR and German DSGVO compliance: data processing agreement review and drafting, DPIA design and documentation for new features or processing activities, privacy policy review against actual processing activities, consent management workflow design, and data subject rights response procedures (access, erasure, portability, objection).

Use it when a new feature involves personal data processing and a DPIA is required before launch, when onboarding a new vendor who will process personal data on your behalf, or when preparing for a data protection audit and you need structured documentation of your processing activities and controls.

npx skills add alirezarezvani/claude-skills --skill ra-qm-team/gdpr-dsgvo-expert

6. Information Security Manager (ISO 27001)

Building an ISMS to ISO 27001 standard is a substantial documentation project. The risk assessment methodology, the risk treatment plan, the Statement of Applicability, the Annex A control documentation, the policies and procedures — the documentation requirements are extensive even when the underlying security controls are already in place.

The Information Security Manager (ISO 27001) skill gives Claude a structured approach to designing and documenting an ISMS: risk assessment methodology design using the ISO 27005 framework, risk register construction and risk treatment plan documentation, Annex A control selection and justification, Statement of Applicability with inclusion/exclusion rationale, and the policy and procedure documentation that supports the control framework.

Use it when building an ISMS from scratch for an initial ISO 27001 certification, when updating existing ISMS documentation to reflect scope changes or control additions, or when preparing the documentation package for an upcoming certification audit.

npx skills add alirezarezvani/claude-skills --skill ra-qm-team/information-security-manager-iso27001

7. ISMS Audit Expert

Internal audits are the mechanism that keeps an ISMS credible between certification cycles. They surface control gaps before external auditors do, produce the evidence of continuous improvement that certification bodies look for, and create the documented audit trail that demonstrates the ISMS is operating as designed rather than existing only on paper.

The ISMS Audit Expert skill gives Claude a structured approach to conducting ISO 27001 internal audits: audit planning and scope definition, audit criteria mapping to the control set, evidence collection methodology, nonconformance identification and classification (major vs. minor), corrective action recommendations, and management review preparation that synthesises the audit findings into a decision-ready format.

Use it when running an internal audit cycle — either as an annual programme or as a focused audit of a specific control domain. Also useful for preparing the evidence package before an external certification or surveillance audit, where a structured pre-audit review can identify gaps before the auditor does.

npx skills add alirezarezvani/claude-skills --skill ra-qm-team/isms-audit-expert

How these skills chain together

Here’s how these skills map to common security engineering scenarios: launching a new feature, running a SOC2 or ISO 27001 programme, and ongoing security operations.

Launching a new feature: Use Senior Security Engineer during design review — threat model the feature before it’s built. Use GDPR/DSGVO Expert if the feature touches personal data — DPIA before launch. Use Environment & Secrets Manager to review how credentials are handled if the feature introduces new service-to-service authentication. Use Dependency Auditor before the feature ships to check the dependency tree.

Running a SOC2 or ISO 27001 programme: Use Information Security Manager (ISO 27001) to build or update the ISMS documentation. Use ISMS Audit Expert to run the internal audit cycle. Use Senior SecOps Engineer to assess the operational controls and prepare the SOC2 evidence. Use GDPR/DSGVO Expert to ensure data protection controls are documented correctly.

Ongoing security operations: Use Senior SecOps Engineer for vulnerability triage and remediation prioritisation. Use Dependency Auditor on a regular cadence and before every release. Use Environment & Secrets Manager when expanding to new services or environments.


Want the full set?

The Security Engineering Stack bundles threat modeling, secrets management, GDPR compliance, ISO 27001 ISMS design, and ISMS auditing into one curated starter set.
