Senior Vulnerability Researcher; Cloud & Containers

Job Title:

Senior Vulnerability Researcher (Cloud & Containers)

Job Category:
Engineering

Time Type:
Full time

Minimum Clearance Required to Start:
Top Secret

Employee Type:
Regular

Percentage of

Travel Required:

Up to 10%

Type of Travel:
Continental US

We are seeking a Senior Vulnerability Researcher with deep expertise in cloud-native architecture, container runtimes, and advanced binary analysis. This role is ideal for a low-level expert who thrives on technical ambiguity and enjoys hunting for vulnerabilities within the "DNA of the cloud." You will use automated reasoning and manual deep-dives to uncover escapes and logic flaws in Kubernetes infrastructure, playing a key role in evaluating the security of critical distributed systems and contributing directly to national cybersecurity efforts.

• Conduct deep-dive research into OCI runtimes (runc, crun) and Linux kernel primitives (name spaces, cgroups, eBPF) to identify breakout and privilege escalation paths.
• Perform static and dynamic analysis on compiled binaries (Go, Rust, C++) using IDA Pro, Ghidra, or Binary Ninja to map undocumented logic and potential security issues.
• Build and maintain custom fuzzing harnesses (e.g., AFL++, lib Fuzzer) to stress-test gRPC interfaces, service mesh components, and microservices.
• Utilize concolic execution tools (e.g., Angr, Manticore) to automate the discovery of complex execution paths and bypass security checks.
• Investigate edge-case behaviors in containerized environments and low-level system initialization logic to reveal hidden attack surfaces.
• Develop custom tools and scripts (primarily in Python3) to automate research workflows, protocol decoding, and memory analysis.
• Document findings clearly and translate technical complexity into actionable reports for security and engineering teams.

Required:

• An active Top Secret clearance.
• 7+ years of professional experience in vulnerability research, software exploitation, or low-level engineering.
• Expert-level proficiency in Go, Rust, and C/C++.
• Strong command of Python3 for scripting and automation of research tasks.
• Deep understanding of x86/ARM assembly and memory corruption primitives.
• Proven track record of finding vulnerabilities in distributed systems, virtualization layers, or container runtimes.
• Hands‑on experience with disassembly and decompilation tools (e.g., IDA Pro, Ghidra, Binary Ninja) and debugging tools (GDB).
• Detailed understanding of Linux kernel internals, specifically name spaces, cgroups, and the container execution model.
• Experience with automated bug-hunting techniques, including fuzzing and symbolic/concolic execution.

Desired:

• An active SCI clearance is highly desired.
• Experience with Kubernetes security architecture and service mesh implementations (Istio, Linkerd).
• Familiarity with hardware-assisted isolation technologies and TEEs (Trusted Execution Environments).
• Ability to build scalable security tooling and infrastructure to support analysis workflows in a team setting.
• Background in cloud provider security (AWS, Azure, or GCP) and underlying hypervisor technology.

The proposed salary range for this position is $113,200 - $237,800.

CACI is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, age, national origin, disability, status as a protected veteran, or any other protected characteristic.