Senior Vulnerability Researcher (5G & Protocol Security)

Job Category: Engineering

Time Type: Full time

Minimum Clearance Required to Start: Top Secret

Employee Type: Regular

Percentage of Travel Required: Up to 10%

Type of Travel: Continental US

* * *

The Opportunity:

We are seeking a Senior Vulnerability Researcher with deep expertise in telecommunications security, 3GPP protocols, and advanced reverse engineering. This role is ideal for a specialist who thrives on technical ambiguity and enjoys probing the 5G stack for critical flaws. You’ll play a key role in evaluating the security and robustness of proprietary telecom systems—reverse-engineering "closed-box" binaries, developing stateful fuzzers, and uncovering vulnerabilities that contribute directly to national cybersecurity efforts.

Responsibilities:

• Develop and deploy custom stateful fuzzers for 3GPP protocols (e.g., NGAP, HTTP/2, PFCP, GTP-U) to identify crashes and stability issues in the 5G Core.
• Apply advanced binary analysis to reverse-engineer proprietary 5G baseband firmware and Network Function (NF) binaries where source code is unavailable.
• Utilize concolic and symbolic execution (e.g., Angr, Manticore) to map complex state machines and uncover logic flaws in 5G session management and authentication flows.
• Create reliable Proof-of-Concept (PoC) exploits for discovered vulnerabilities in critical components such as AMF, SMF, or UPF.
• Investigate edge-case behaviors and low-level protocol signaling to reveal attack surfaces in proprietary telecom and embedded systems.
• Develop custom tools and scripts in Python3 to automate protocol decoding, firmware unpacking, and analysis workflows.
• Document findings clearly and translate technical protocol complexity into actionable reports for security and engineering teams.

Qualifications:

Required:

• An active Top Secret clearance.
• 7+ years of professional experience in vulnerability research, protocol analysis, or reverse engineering.
• Mastery of C/C++ and high proficiency in Python3 for automation and tool development.
• Deep understanding of 5G/4G architecture and 3GPP security standards.
• Proven track record of reconstructing proprietary binary protocols and analyzing "closed-box" telecom equipment.
• Hands-on experience with disassembly and decompilation tools (e.g., IDA Pro, Ghidra, Binary Ninja) and hardware-assisted debugging.
• Detailed understanding of networking and telecom protocol stacks, including signaling, control plane, and data plane components.
• Experience in exploit development and vulnerability discovery in embedded or telecom environments.

Desired:

• An active SCI clearance is highly desired.
• Familiarity with radio access network (RAN) components and baseband security.
• Experience with Linux kernel internals or RTOS environments used in telecom hardware.
• Ability to build scalable fuzzing infrastructure and analysis tools in a team setting.
• Background in hardware-level analysis, including firmware extraction and inspecting hardware state via JTAG or UART.

-

What You Can Expect:

 A culture of integrity.

At CACI, we place character and innovation at the center of everything we do. As a valued team member, you’ll be part of a high-performing group dedicated to our customer’s missions and driven by a higher purpose – to ensure the safety of our nation.

An environment of trust.

CACI values the unique contributions that every employee brings to our company and our customers - every day. You’ll have the autonomy to take the time you need through a unique flexible time off benefit and have access to robust learning resources to make your ambitions a reality.

A focus on continuous growth.

Together, we will advance our nation's most critical missions, build on our lengthy track record of business success, and find opportunities to break new ground — in your career and in our legacy.

Pay Range:

There are a host of factors that can influence final salary including, but not limited to, geographic location, Federal Government contract labor categories and contract wage rates, relevant prior work experience, specific skills and competencies, education, and certifications. Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives. We offer competitive compensation, benefits and learning and development opportunities. Our broad and competitive mix of benefits options is designed to support and protect employees and their families. At CACI, you will receive comprehensive benefits such as; healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits.

The proposed salary range for this position is: