• Test Project Leader - Info Security & Privacy

    Experience (Years)
  • Position Overview

    Consumer Reports is seeking a Project Leader to oversee testing projects as a member of our new Digital Lab team —  a group of tenacious journalists, privacy experts, product testers, technologists and policy analysts dedicated to shining a light on the data privacy and security issues that consumers increasingly face, as well as examining the broader topics of fair market competition, transparency, and consumer choice in today's marketplace. By scaling our capabilities and expertise for the digital era, Consumer Reports is expanding efforts to protect, educate, and empower consumers in our connected world while holding companies to higher standards.


    We're looking for someone with hands-on experience in the theory and practice of privacy and security in connected products. We’re looking for the kind of people who have done independent penetration testing or been part of a red team, monitored network security for a startup, researched defensive privacy for a talk, or implemented privacy/security design principles in an app. This person would augment our team with the skill set and investigative leadership we need to be effective and timely, while establishing good practices and collaborating with team members to produce solid, repeatable results.


    The Project Leader oversees testing projects. Ensures that testing protocols and procedures are followed, and that methodologies are developed to meet our continually transforming testing objectives.

    Qualifications Include

    • BS college degree or equivalent background with 2-3 years experience in consumer or enterprise level information security
    • Familiarity with privacy and security trends and concerns in the development and deployment of connected products
    • Familiarity with penetration testing techniques and risk/attack vector analysis
    • Experience with network security analysis and penetration testing tools such as Kali, Wireshark, Burp, WiFi Pineapple, Metasploit, Shodan, Snipr, etc
    • Experience with smartphone and app analysis tools, such as {rooting software}, Android Studio, Qark, Androwarn, Lumen
    • Experience with web development environments and browser tools
    • Excellent organization, communication, and collaboration skills. Proven ability to communicate clearly and concisely, verbally and in writing, including technical report-writing skills.
    • Experience with scripting languages, such as HTML, JavaScript and Python, and libraries that assist in data analysis and tools development
    • Experience and comfort with G Suite (Google Docs, Google Sheets, etc.)
    • Experience with Android and iOS static and dynamic analysis
    • Ability to work independently, with enthusiasm for team-based projects and activities
    • Experience with tool and web development, agile workflows, OSINT tools such as Buscador and developing training materials would be preferred.
    • Ability to complete complex assignments requiring ingenuity, originality and resourcefulness.
    • Attention to detail, using well-defined methods and documentation to support analysis.

    Key Responsibilities

    • Plans, coordinates and oversees test projects for privacy and security of connected products.
    • Develops methods and evaluative frameworks for testing privacy and security concerns of connected products: IoT devices, smartphones, apps, the web, networks, cloud-based platforms, and data/ad brokers.
    • Collaborates to integrate privacy and security testing techniques into new and existing workflows and ensures proper implementation
    • Ensures test methods and processes meet standards for accuracy, repeatability and dependability.
    • Evaluates and recommends improvements to test procedures. Develops and maintains tools and pipelines to streamline testing processes and investigatory techniques.
    • Utilizes expertise, teamwork and education to lead hands-on privacy and security testing of connected products.
    • Interacts with communities of researchers and industry professionals working on similar topics to innovate on methodology, tools, and frameworks as necessary.
    • Actively participates as member of product testing and content team to collaborate on identifying topics of interest and objectives of privacy & security testing protocols.
    • Author reports and present findings, issues and concepts to staff to provide clear evidence of analysis and provide feedback for improving methodology and tools.
    • Maintains up to date understanding of the current issues and ideas in the field of security and privacy in connected products
    • Performs other duties as assigned but not at a higher level.


    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed