Almost all of our testers have secondary specialisations, performance, accessibility, automation etc.
It’s only a small team but one of the guys I’d probably put security expert level so often used as a call a friend option to help out on a project for a couple of weeks deep diving into the risk.
The others have basic security risk level ability but rarely would do the deep dive stuff with the pro tools in hand.