Certificates are just pieces of paper. Don’t worry about those! You are going to have to make a choice for yourself if you wish to become a full-time security tester or just some a few tests.
What I mean with a few tests is setup automated SQLi, XSS, account enum, vulnerability scans etc…
I believe every tester should know at least the basics of security testing. I prefer to focus on API security & web app security. Security is very broad so if you don’t plan on becoming a penetration tester, I would pick a few topics to start with.
How I started getting involved in security is first of all get to know the vulnerabilities. Follow a course, google and attend webinars, conferences, meetups,… Eventually I setup a penetration test lab at home and went nuts and learnt a lot about “the how and what & what is (il)legal”. Afterwards you can apply this on your project (with permission). I started pointing out security issues just like regular bugs and explained myself why it was a bug and how it could be abused. People got interested into it and I was allowed to setup some security automation also. Which was a huge success due to the many vulnerabilities we found!
If you want a starting point check out OWASP and their Top 10’s.
Pentest lab: https://owasp.org/www-project-juice-shop/
They have some build in exercises too I believe.
Hope it helps you out @rubenfppinto