by NetStrikeForce 3417 days ago
What is SecDevOps?
3 comments

I'm guessing organizations are looking to save a few bucks by throwing another title on untrained devops engineers. Security is its own complicated discipline and shouldn't be combined with devops.
I think the OP is talking about implementing automated security testing in a CI/CD pattern. Basic versions would be implementing automated scanning using something like skipfish. More advanced would actually be security-specific unit and integration tests. Also included would be security-specific static analyzers, etc. The companies that I know of doing this are the big tech companies like Google, Mozilla, Facebook, although I'm sure there are plenty more.
Security-Dev-Ops

Think "dev ops" with a security mindset added.