[nmrsk]

I work in this niche (finding/exploiting C/C++ bugs in operating systems and browsers). Here's the companies I know about: Raytheon, Mitre, L3Harris, Grayshift, Vigilant. Also NSA and CIA will train you if you don't already have the skills, but there's downsides: clearance required, no remote work, DC area only, low pay.

[MSFT_Edging]

If you find the right contractor or aim for a smaller subcontractor, the pay can be fairly lucrative if you haven't been poisoned by FAANG salaries.

Typically the game in the industry is work for a contractor, quit with a few of your best buds, open an LLC and sub back to the same customer/contractor with your billing rate doubled. Since you lack the overhead of a larger company, you can be a little entrepreneur with your specialization and get very rich very fast.

[malleefowl]

Agreed! I just meant that working directly for NSA/CIA is low pay. Like ~100k, which certainly isn't poverty wages. Working for a contractor, I think about 250k is normal (but I have very few data points). And I don't know anyone who has started their own LLC, but I'm sure the sky's the limit with that route.