As we know, the role of cloud engineer is over-arching and the boundaries are fuzzy. Depending upon the organization, it could be just building cloud infrastructure but the truth of the matter is that these days a cloud engineer is supposed to do or at least facilitate support to everything which touches the cloud.
The Application software which runs in cloud doesn't exist in vaccum. It not only contains code but also makes use of various cloud services. A typical cloud application lives in a virtual network, makes use of egress and ingress rules, obeys the identity access management, and follows defined security patterns. That is the key concept here. No matter if the application resides on virtual machine, or it's serverless, or it's container based; it has to remain in the ambit of security guardrails defined by your cybersecurity team.
It's the job of cloud engineer to make sure that application developers have clear idea about it while they build thier application. From CICD to production access for users, developers should know what's the defined secure path. For example, if the application needs to talk to some public end points, don't let developers put the application in public subnet, or create their own internet gateways. Give them a proper secure way to do so.