As a software engineer you're more than half of the way there. A lot of people pivot into this industry with almost zero experience because it's pretty fun and they end up learning computer science along the way.
In parallel, I'd recommend studying real security vulnerabilities in products that use technologies that you have a background in. For example, if you are interested in both Web technologies and C++ ,I'd start studying Google Chrome, specifically it's Javascript engine V8 [1]. There is an entire cottage community of both offensive and defensive people looking for vulnerabilities in chrome so it's a good way to get started because there's a lot of information out there. One amazing thing about security engineering is that you get to learn how all of these amazing technologies work at a deep level, because you need to understand it almost as well as the developer to find security vulnerabilities in it. For example, I have a very deep understanding of how technologies like RTC, Browsers, Sandboxes, and the IOS operating systems work from auditing their code and finding security vulnerabilities.
Manning has a new book, The Cyber Defenders Career Guide (https://livebook.manning.com/book/cyber-defenders-career-gui...) that might help. It's an early access book, but all the chapters have been written, so you can read the whole book as an ebook already.
