Agreed re the problem.
Actually, the problem is bigger: there’s no time not for security only, but for usability, testing and refactoring as well. For a overwhelming majority of projects.
Because as you said, developers have a great amount of critical tasks at every moment. And if you break their app by demonstrating some vulnerability, you’ll be assigned as a root of disaster at the first place.
This can be explained by a strong competition on a modern IT market — you should be faster then others no matter what.
So the solution, for me, is to:
- (super hard) find (create) project/team which pays strong attention to every aspect of a development process, and try to became part of this team;
- (hard) find (create) project/team which pays strong attention to one of the aspects and promote it as a project’s advantage. Such as a Signal (or more popular Telegram) in a terms of security.