Bug Bounty .. It is mostly referred to Web Application Penetration Testing. You can choose to specialise only in this field by focusing on Web Vulnerabilities. This is also something that many people want. They want to test their website security.

And as we know there are a lot of websites on the internet. Your job will be to protect them! A good thing to do next is to take some Bug Bounty course that will teach advance topics like SQL injection, XSS , CSRF ... in more details! Once you feel more comfortable with discovering Bugs in Web Apps, you can take a look at platform called "BugCrowd" !