The only way to earn a significant income as a security researcher is via bug bounties. Working InfoSec is a fools game in every corporation I've dealt with, directly or indirectly. Last to get hired, first to get fired/layed-off. No one even bothers to pretend to support your job properly (funds, people, and especially tooling). Hell, they don't even bother to read your memos.
So excuse me if I'm a bit confrontational. Asshole.