Senior Vulnerability Researcher (5G & Protocol Security)

About The Position

Requirements

• An active Top Secret clearance.
• 7+ years of professional experience in vulnerability research, protocol analysis, or reverse engineering.
• Mastery of C/C++ and high proficiency in Python3 for automation and tool development.
• Deep understanding of 5G/4G architecture and 3GPP security standards.
• Proven track record of reconstructing proprietary binary protocols and analyzing "closed-box" telecom equipment.
• Hands-on experience with disassembly and decompilation tools (e.g., IDA Pro, Ghidra, Binary Ninja) and hardware-assisted debugging.
• Detailed understanding of networking and telecom protocol stacks, including signaling, control plane, and data plane components.
• Experience in exploit development and vulnerability discovery in embedded or telecom environments.

Nice To Haves

• An active SCI clearance is highly desired.
• Familiarity with radio access network (RAN) components and baseband security.
• Experience with Linux kernel internals or RTOS environments used in telecom hardware.
• Ability to build scalable fuzzing infrastructure and analysis tools in a team setting.
• Background in hardware-level analysis, including firmware extraction and inspecting hardware state via JTAG or UART.

Responsibilities

• Develop and deploy custom stateful fuzzers for 3GPP protocols (e.g., NGAP, HTTP/2, PFCP, GTP-U) to identify crashes and stability issues in the 5G Core.
• Apply advanced binary analysis to reverse-engineer proprietary 5G baseband firmware and Network Function (NF) binaries where source code is unavailable.
• Utilize concolic and symbolic execution (e.g., Angr, Manticore) to map complex state machines and uncover logic flaws in 5G session management and authentication flows.
• Create reliable Proof-of-Concept (PoC) exploits for discovered vulnerabilities in critical components such as AMF, SMF, or UPF.
• Investigate edge-case behaviors and low-level protocol signaling to reveal attack surfaces in proprietary telecom and embedded systems.
• Develop custom tools and scripts in Python3 to automate protocol decoding, firmware unpacking, and analysis workflows.
• Document findings clearly and translate technical protocol complexity into actionable reports for security and engineering teams.

Benefits

• Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives.
• We offer competitive compensation, benefits and learning and development opportunities.
• Our broad and competitive mix of benefits options is designed to support and protect employees and their families.
• At CACI, you will receive comprehensive benefits such as; healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits.