Dear Hiring Manager,
After several years in an adjacent role, I am moving deliberately into security engineer work because the strongest part of my recent job has been threat modelling, secure design reviews, vulnerability management, IAM, and security automation. Over the last year I have built hands-on evidence with threat modelling, SAST, dependency scanning, IAM reviews, cloud security controls, Python, and SIEM workflows, so this is a planned move rather than a loose interest.
I am not asking you to infer the connection between my old title and this role. Your team needs application security judgement, vulnerability triage, identity controls, and practical developer enablement, and my strongest examples sit in that exact area. I would use this letter to show the connection with one specific project, the constraints I worked under, and the judgement I brought to the decision points.
A recent example is that I triaged dependency risk, improved secrets handling, and built a lightweight check that caught unsafe configuration before release. That work required threat modelling, SAST, dependency scanning, IAM reviews, cloud security controls, Python, and SIEM workflows, but the more important point is how I made decisions, explained tradeoffs, and followed the result through after release.
I would welcome the chance to talk through how this transition maps to your team needs. security teams value engineers who reduce real risk without turning every review into a blocker, so I would keep the letter concise, evidence-led, and tied to the outcomes the hiring team is likely to care about.
Yours sincerely, Alex Morgan