Q&A
How involved should SDETs be in security testing — and what skills does it require?
Ajitesh Mohanta (Ambassador)
May 8, 2026
My company is adding basic security testing requirements. Leadership wants SDETs to own it since we already own automation.
I'm comfortable writing functional tests but security testing feels like a different discipline. Specific things they're asking for:
- OWASP Top 10 checks integrated into the regression suite
- API fuzzing
- Dependency vulnerability scanning in CI
Dependency scanning (OWASP Dependency Check, Snyk) is clearly doable. API fuzzing and OWASP testing feel like a different skill set entirely.
Do SDETs commonly own security testing, or is there usually a dedicated security engineer? What tools can be meaningfully integrated without needing deep security expertise?