Yeah... The only real reason to get a cert is because your customer needs to mark that you have one in their checkbox sheet. I can verify that at least most areas of US Gov do require certs. (They have a 'pick one from this column, one from this column'-type menu of requirements, depending on your role.)
We're not even that lucky.
We get to choose who's on contract, and who's on contract is generally who has a contract for other things and also does (or subcontracts for) security scans. Usually it's the voice/data vendors (Verizon, etc).
But I can tell you that every scan we've done, the vendor has subcontracted with a company and that staff has at least "SANS" certification.
So apparently that's important around here...
However, most of the people we've had were just "run Nessus and tweak the report" type of guys....
Not all of them. A few (also with SANS certs) have been VERY good. I think that was just a fluke tho.. ;-)
You get what you pay for "on contract."
desiv