Information Security Researcher


Position Overview

Are you concerned that tech companies have too much power to shape people’s lives? That the most powerful business models today are based on extracting people's data without their understanding, consent or control? And that companies are not keeping pace with the emerging harms posed by their products and services? If you think we all deserve better and want to put your skills to work for the good guys, then we want you to help build our new Digital Lab.


For over 80 years, people have trusted Consumer Reports to advocate for their interests and help them make informed choices. Today, we're inviting you on new mission: to make sure there are rules for fair conduct in the digital marketplace, and that they’re set in consumers’ favor. To make sure people can live their lives without being forced to sacrifice their privacy. And to make sure people can trust that their devices and data are secure.


We're looking for technologists, activists, lawyers, economists and entrepreneurs who share our drive to build consumer power in the 21st century. With your help, we’ll lead a new movement to restore choice and control to our digital lives. Learn more at




Key Responsibilities

Responsible for continually researching the forefront of information security and privacy issues and represents CR externally to communicate new methods, systems and best practices to evaluate concerns to hold companies to a higher standard.   Will augment our team with the skill set and investigative leadership we need to be effective and timely, while establishing good practices and collaborating with team members to produce solid, repeatable results.  This role also:

  • Continually researches the forefront of information security and privacy issues.
  • Establishes best practices for Information Security research at CR and designs systems for automating and structuring testing.
  • Works with Digital Standard Manager to communicate methods, tools, etc. to Privacy Project Leaders.
  • Liaises with Resident Hacker, Comms, and Content teams to provide expertise and assistance.
  • Develop methods and evaluative frameworks for testing privacy and security concerns of connected products: IoT devices, smartphones, apps, the web, networks, cloud-based platforms, and data/ad brokers.
  • Represents CR at conferences like Black Hat, DEFCON, IEEE, etc
  • Performs other related duties as necessary

Qualifications Include

Minimum 2-3 years experience with consumer or enterprise level infosec

Familiarity with privacy and security trends and concerns in the development and deployment of connected products

Familiarity with penetration testing techniques and risk/attack vector analysis

Experience with network security analysis and penetration testing tools, such as Kali, Wireshark, Burp, WiFi Pineapple, Metasploit, Shodan, Snipr, etc.

Experience with smartphone and app analysis tools, such as [rooting software], Android Studio, Qark, Androwarn, Lumen

Experience with web development environments and browser tools

Solid organization, communication, and collaboration skills

Experience with scripting languages, such as HTML, JavaScript and Python, and libraries that assist in data analysis and tools development

  • Bonus: Experience with tool and web development
  • Bonus: Experience with agile workflows
  • Bonus: Experience with OSINT tools, such as Buscador
  • Bonus: Experience developing training material


Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed