I'm a software developer who recently got interested in application security. I don't have any formal training in that field yet; most of my knowledge is from portswigger.net's top lists and games (like microcorruption.com). I've applied some of that to find bugs in my team's product, just some basic ones: mostly denial of service and some others like CSRF, XSS, padding oracle attacks... But if someone asks me how to secure a system, then I won't even know where to begin; the massive number of attacks out there really makes me nervous.
So, is there any role/position for people like me, a newbie, to learn on the job? (From my experience, being a developer really helped in finding/testing scenarios that could lead to security bugs, so I guess I have a little more of an advantage than a real newbie.) And what are your suggestions/resources for self-learning to become familiar with the field?