[kiddingright]

If the devs didn't take security seriously before, why would another node in the communication graph change anything?

[knowitnone]

because sometimes it's a deadline pushed by management so a change could result in allow more time for design, programming, review, or even full time security personnel. Nobody writes the best most secure software under deadline

[cutemonster]

Yes, the right person maybe can change the culture in the company (plus contribute lots of technical skills)