Consumer Reports, Inc.

IoT Cybersecurity Test Lead, Digital Lab

Job Locations US-NY-Yonkers
Research, Testing and Development


CR created the Digital Standard (a part of our Digital Lab) as an open source framework that elevates whether products respect people’s privacy and security.  We believe it isn’t enough to rate products for their ease of use, safety, quality and cost, we must also incorporate  the individual and collective effects of products and services on values like privacy, fairness, and user control. Learn more about the Digital Standard and the Digital Lab.


As a Test Project Leader on the Digital Lab team you will report to the Program Manager, Product Testing - Privacy.  You will be responsible for overseeing testing projects as well as ensuring that testing protocols and procedures are followed, and will develop and improve methodologies to meet testing goals and objectives. You will augment the team with your technical skill-set and investigative leadership, while establishing good practices and collaborating with team members to produce solid repeatable results! 


Under our CRFlex program, this is eligible for remote work!


How You’ll Make an Impact:

Use your cybersecurity skills and experience to have a positive impact on world-class manufacturers of IoT products and to improve consumers’ privacy, safety and security.  Work closely with Consumer Reports Content and Advocacy groups to ensure key findings are clearly communicated and have an impact to drive public government policies.  Collaborate and leverage work with external organizations and standards bodies to have a broad, long-lasting impact.


You will test, analyze, and research privacy and security of connected IoT products to help us shape the digital marketplace for consumers.  This includes:


Security Analysis (25%)

  • Monitor system events, log files and alerts
  • Analyze network security alerts and events
  • Analyze packet captures
  • Analyze network traffic

Privacy Analysis (20%)

  • Perform privacy reviews, identify gaps in privacy architecture
  • Assess the effectiveness of privacy controls
  • Maintain an awareness and understanding of data privacy regulations and standards (e.g., ETSI EN 303 645, CCPA, GDPR, and the Digital Standard)

AppSec (20%)

  • Assess web, mobile, and/or embedded applications
  • Perform Dynamic, Static and Interactive application security testing
  • Evaluate and assess encryption strengths
  • Evaluate data transmission security
  • Write basic scripts to automate simple tasks

Research: Threats (5%)

  • Reverse engineering of malicious binaries for analysis and research

Penetration Testing (15%)

  • Perform hands-on penetration tests
  • Use open source platforms and tools
  • Maintain penetration testing toolkits

Project Management (15%)

  • Publish and present findings and/or remediation guidance to manufacturers and to the industry at webinars and conferences
  • Prepare preliminary test project protocols and detailed procedures.
  • Participate in continuous evaluation and improvement of existing test procedures.



You'll Be Highly Rated If:

  • You have a passion to dig deep and experiment with technology or have been writing code since you were a kid. You have a Bachelor of Science degree in Electrical Engineering, Computer Science or related field. You have a minimum of 2 years proven experience in cybersecurity ethical hacking and testing with Internet connected devices, mobile apps, and software.
  • You know your way around formulas and pivot tables because you are proficient using spreadsheet software (Google and Excel)
  • You are comfortable and have experience working in a lab setting
  • You can turn tech talk into language that even a non-technical person can understand.
  • You know the tools of the trade.  You have a thorough understanding and experience with:
    • GIT / GITHU
    • Wireshark
    • NMAP
    • Burp Suite
    • WiFi Pineapple
    • AppScan
    • AppCensus
    • MobSF
    • Python
    • Powershell
    • Javascript
    • Perl
    • SQL
    • IDA Pro
    • Microsoft Excel & Google Sheets
    • Google Workspace

You’ll Be Our Top Pick If:

  • You have earned a Master’s Degree
  • You want to protect consumer’s security and privacy and just for fun, like to seek out weaknesses in network communications and home networks of connected devices and the software installed on them. 
  • You would go above and beyond going to discover unanticipated vulnerabilities and security flaws that may affect the privacy of consumers.



Our Commitment to Fair Pay

At Consumer Reports, we are committed to fair, transparent pay and we strive to provide competitive, market-informed compensation. The target salary range for this position is $100,000-$110,000. It is anticipated that most qualified candidates will fall near the middle of this range. Compensation for the successful candidate will be informed by the candidate’s particular combination of knowledge, skills, competencies, and experience.





Consumer Reports is an independent, nonprofit organization dedicated to a fair and just marketplace for consumers. Our team is made up of truth tellers, change agents, and consumer advocates who investigate and build coalitions to fight for fairness and justice in the marketplace. We leverage our evidence-based approach to demand safer products, a healthier environment, and equitable services for everyone.

Our mission starts with you. We offer medical benefits from that start on your first day as a CR employee that include behavioral health coverage and unlimited sick days. There’s also generous family planning benefits and a generous 401K match (10%!). Learn more about how CR’s advocates for strong benefits on behalf of their employees here:

Consumer Reports proudly seeks to build a richly diverse workforce by hiring people with a diversity of thoughts, identities, perspectives, and experiences that help advance the difference we make for consumers, and by ensuring our people experience equity and inclusion in their work lives. We encourage members of traditionally underrepresented communities to apply, including women, LGBTQIA people, people of color, and people with disabilities.


Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed