Should the pentester seek features to test by himself?


Imagine we have a dev team

  1. developers
  2. team lead
  3. scrum master

When a new feature is planned to be implemented, should it be sent to the security team by the dev team lead (to evaluate whether it needs to be tested) or the someone from the security team should seek for them by himself by attending to meetings? We have like 10 different products.