Senior Vulnerability Researcher (5G & Protocol Security)
CACI•Florham Park, NJ
•Onsite
About The Position
We are seeking a Senior Vulnerability Researcher with deep expertise in telecommunications security, 3GPP protocols, and advanced reverse engineering. This role is ideal for a specialist who thrives on technical ambiguity and enjoys probing the 5G stack for critical flaws. You’ll play a key role in evaluating the security and robustness of proprietary telecom systems—reverse-engineering "closed-box" binaries, developing stateful fuzzers, and uncovering vulnerabilities that contribute directly to national cybersecurity efforts.
Requirements
- An active Top Secret clearance.
- 7+ years of professional experience in vulnerability research, protocol analysis, or reverse engineering.
- Mastery of C/C++ and high proficiency in Python3 for automation and tool development.
- Deep understanding of 5G/4G architecture and 3GPP security standards.
- Proven track record of reconstructing proprietary binary protocols and analyzing "closed-box" telecom equipment.
- Hands-on experience with disassembly and decompilation tools (e.g., IDA Pro, Ghidra, Binary Ninja) and hardware-assisted debugging.
- Detailed understanding of networking and telecom protocol stacks, including signaling, control plane, and data plane components.
- Experience in exploit development and vulnerability discovery in embedded or telecom environments.
Nice To Haves
- An active SCI clearance is highly desired.
- Familiarity with radio access network (RAN) components and baseband security.
- Experience with Linux kernel internals or RTOS environments used in telecom hardware.
- Ability to build scalable fuzzing infrastructure and analysis tools in a team setting.
- Background in hardware-level analysis, including firmware extraction and inspecting hardware state via JTAG or UART.
Responsibilities
- Develop and deploy custom stateful fuzzers for 3GPP protocols (e.g., NGAP, HTTP/2, PFCP, GTP-U) to identify crashes and stability issues in the 5G Core.
- Apply advanced binary analysis to reverse-engineer proprietary 5G baseband firmware and Network Function (NF) binaries where source code is unavailable.
- Utilize concolic and symbolic execution (e.g., Angr, Manticore) to map complex state machines and uncover logic flaws in 5G session management and authentication flows.
- Create reliable Proof-of-Concept (PoC) exploits for discovered vulnerabilities in critical components such as AMF, SMF, or UPF.
- Investigate edge-case behaviors and low-level protocol signaling to reveal attack surfaces in proprietary telecom and embedded systems.
- Develop custom tools and scripts in Python3 to automate protocol decoding, firmware unpacking, and analysis workflows.
- Document findings clearly and translate technical protocol complexity into actionable reports for security and engineering teams.
Benefits
- flexible time off
- robust learning resources
- comprehensive benefits
- healthcare
- wellness
- financial
- retirement
- family support
- continuing education
- time off benefits
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
Upload and Match Resume
What This Job Offers
Job Type
Full-time
Career Level
Senior
Education Level
No Education Listed
