Assume you mean AppSec because around here "Security Engineering" still means Cisco :) Agile Application Security is a great read: