I noticed that all vulnerability research positions expect you to already have the knowledge and career experience, other than few government-sponsored training programs (which I'm not eligible for).
so I would appreciate getting some advice on how I can pivot my career to that direction.
Some background about me: 6 years in cybersecurity. I started as a SOC analyst, then moved into DFIR, with focus on malware reversing (effecting x86 platforms most of the time, some few occasions ARM/MIPS malware), I wrote tools in C/C++ as well as detection scripts in Python and Lua.