Protocol Reverse Engineer (RF/Wireless)

About The Position

Requirements

• US Citizenship
• 3+ years of experience in RF engineering, telecommunications security, electronic warfare, or wireless vulnerability research with a bachelors degree (or higher) in a related field.
• In-depth understanding of the OSI model with extreme proficiency in Layer 1 (Physical) and Layer 2 (Data Link) mechanics of cellular (4G/5G), Wi-Fi, and Bluetooth architectures.
• Hands-on experience with Software-Defined Radio hardware (e.g., USRP, HackRF, BladeRF, ADRV9364-Z7020) and software frameworks (e.g., UHD, GNU Radio, srsRAN, OpenAirInterface).
• Strong proficiency in C/C++ and Python for scripting, signal processing, and automating RF attacks.
• Solid foundation in digital signal processing (DSP), modulation schemes (OFDM, QAM, etc.), and error correction methodologies.
• Familiarity with RF lab equipment including spectrum analyzers, oscilloscopes, and signal generators.

Nice To Haves

• Prior experience in the Electronic Warfare (EW) domain.
• Knowledge of IoT protocols (Zigbee, LoRa, Z-Wave) or satellite communications.
• Active security clearance.

Responsibilities

• Protocol Analysis: Deep-dive into the specifications and real-world implementations of wireless protocols (3GPP LTE/5G NR, IEEE 802.11, IEEE 802.15.1, etc.) focusing on the PHY and MAC layers.
• Vulnerability Research: Identify weaknesses in radio frequency implementations, including authentication bypasses, denial-of-service vulnerabilities, and signal degradation thresholds.
• Disruption Strategy Development: Design and execute advanced disruption strategies. This includes developing proof-of-concept techniques for localized jamming, signal spoofing, replay attacks, and man-in-the-middle (MitM) scenarios at the radio layer.
• Software-Defined Radio (SDR) Development: Utilize SDR platforms to build custom transmitters, receivers, and test environments to capture, analyze, and manipulate RF spectrum data in real-time.
• Testbed Engineering: Architect and maintain isolated RF testing environments (e.g., Faraday cages, anechoic chambers, wired RF networks) to safely simulate disruptions without violating FCC/local broadcasting regulations.
• Reporting & Mitigation: Document findings, technical methodologies, and the impact of disruption strategies, working alongside hardware teams to deliver a complete hardware and software product.