Senior Vulnerability Researcher (Cloud & Containers)

CACI International•Florham Park, NJ

22h

About The Position

We are seeking a Senior Vulnerability Researcher with deep expertise in cloud-native architecture, container runtimes, and advanced binary analysis. This role is ideal for a low-level expert who thrives on technical ambiguity and enjoys hunting for vulnerabilities within the "DNA of the cloud." You will use automated reasoning and manual deep-dives to uncover escapes and logic flaws in Kubernetes infrastructure, playing a key role in evaluating the security of critical distributed systems and contributing directly to national cybersecurity efforts.

Requirements

An active Top Secret clearance.
7+ years of professional experience in vulnerability research, software exploitation, or low-level engineering.
Expert-level proficiency in Go, Rust, and C/C++.
Strong command of Python3 for scripting and automation of research tasks.
Deep understanding of x86/ARM assembly and memory corruption primitives.
Proven track record of finding vulnerabilities in distributed systems, virtualization layers, or container runtimes.
Hands-on experience with disassembly and decompilation tools (e.g., IDA Pro, Ghidra, Binary Ninja) and debugging tools (GDB).
Detailed understanding of Linux kernel internals, specifically namespaces, cgroups, and the container execution model.
Experience with automated bug-hunting techniques, including fuzzing and symbolic/concolic execution.

Nice To Haves

An active SCI clearance is highly desired.
Experience with Kubernetes security architecture and service mesh implementations (Istio, Linkerd).
Familiarity with hardware-assisted isolation technologies and TEEs (Trusted Execution Environments).
Ability to build scalable security tooling and infrastructure to support analysis workflows in a team setting.
Background in cloud provider security (AWS, Azure, or GCP) and underlying hypervisor technology.

Responsibilities

Conduct deep-dive research into OCI runtimes (runc, crun) and Linux kernel primitives (namespaces, cgroups, eBPF) to identify breakout and privilege escalation paths.
Perform static and dynamic analysis on compiled binaries (Go, Rust, C++) using IDA Pro, Ghidra, or Binary Ninja to map undocumented logic and potential security issues.
Build and maintain custom fuzzing harnesses (e.g., AFL++, libFuzzer) to stress-test gRPC interfaces, service mesh components, and microservices.
Utilize concolic execution tools (e.g., Angr, Manticore) to automate the discovery of complex execution paths and bypass security checks.
Investigate edge-case behaviors in containerized environments and low-level system initialization logic to reveal hidden attack surfaces.
Develop custom tools and scripts (primarily in Python3) to automate research workflows, protocol decoding, and memory analysis.
Document findings clearly and translate technical complexity into actionable reports for security and engineering teams.