Similar to the service provider organization structure, the tooling teams are also organized by discipline, but in this case their focus is not to provide personnel to do the work. The define strategies and provide tools so the the individual development teams can handle the tasks themselves.

In this situation usually the development team is responsible for all the steps required to bring an idea to the client. They do the development work, they do the QA, the InfoSec, the deployment, and they handle the operations.

For this they usually have additional team members who are experts in one of these subjects, (e.g. QA or InfoSec expert) who are part of the team either full time or in some cases part time.

In this case the job of the dedicated QA/InfoSec/DevOps teams is to define the strategy how to achieve high quality, security, and high level of operations. They also build tools so the teams can self-service. For example they build, or help building the infrastructure to run automated tests. The write down coding requirements to make the applications secure and then they also provide tools that can automatically check the applications if they are secure.

They work closely with the development teams, but the development teams don't depend on the availability of the tooling team members. The development team can move forward without waiting for their time-slot in the QA, InfoSec, DevOps teams.