You probably know more than most "professionals" ... I've turned down two infosec jobs in the past. For one they waited 2 months to get back to me and I had already taken another offer as a dev, and with another it was an internal position I didn't even want, but they convinced me to apply just because I posted something in Slack about going to Defcon. (The position looked bad; they had no security developers and desperately needed one to script a lot of their manual log analysis .. paid less than my dev role at the same company. Hard pass).

I got drafted into one security team at a consulting company, for only one day a week (priorities right?) and it ended up being mostly scripting update tools and checklists.

Ever security team at other companies I've worked with were always borderline incompetent. Because of that, their relationship to developers was almost always adversarial.