Application Security Engineer here.
For a developer I would recommend the OSWE certification which takes a more code-centric approach and resources such as https://portswigger.net/web-security and The Art of Software Security Assessment book. You can also leverage your DevOps experience for learning about server, app and cloud misconfigurations and their impact on security.
The demand for network security is not as high as for appsec people and I personally don't see network security as very rewarding (intellectually and financially).
For the Pentesting route I recommend trying some HackTheBox and watching Ippsec's channel (https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA).
OSCP is fine, but it is a beginner certification and definitely not enough for getting a Pentest job.
The demand for network security is not as high as for appsec people and I personally don't see network security as very rewarding (intellectually and financially).
For the Pentesting route I recommend trying some HackTheBox and watching Ippsec's channel (https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA). OSCP is fine, but it is a beginner certification and definitely not enough for getting a Pentest job.