Demanded. You should know about the following:
1) As many technologies and programming languages ​​for the web as possible (PHP, Perl, Python, ASP, etc.).
2) As many DBMSs as possible and the features of each of them.
3) The most common vulnerabilities: SQL-injection, XSS, CSRF, include, etc. Methods for bypassing filters and WAFs. Rare vulnerabilities.
4) Rules and features of competent configuration of web servers in Windows and * nix.
5) The specifics of the exploitation of vulnerabilities on different configurations (OS / web server / DBMS / PL).
6) Non-obvious vectors and design vulnerabilities.
7) Automated tools for finding vulnerabilities.
8) Site security audit methods.
9) Etc.

The area of ​​information security itself is quite in demand on the market, but the deliberate restriction of specialization solely to the security of sites is very short-sighted. To be a good security guard, you need to know a lot of things from related areas: both the OS, and the software that provides the necessary functionality, and the principles of operation of protocols, and generally accepted standards, and laws, and papers to write well and smoothly, and it would be nice to get certified. Otherwise, it will be like Raikin's - there are no complaints about buttons, and the whole suit is no good.

While sites are being hacked, such specialists are in demand. True, I can’t imagine that after investing a lot of money in the development of the site, I will need a security specialist. On the other hand, if I need such a specialist, then I saved on development and I’m unlikely to pay for the work in full. But this is only a theory, I do not know the income level of such people.

Knowledge is in demand, how to write sites without "holes", continuing to study in this area will not go wrong.
There are also specialists/consultants who can conduct a site security audit. But this is a one-time job, working as a consultant only on this topic, it will be difficult to fully load

In large projects - in demand.
In companies "a site for 5000 rubles" - of course not.
It will be quite difficult to find a job, because. there are more security specialists than large projects. However, if you find it, it will most likely be a "gold mine". Although it all depends on your knowledge.