Position Title: Data Scientist (Cybersecurity Specialist) – (Staff Fellow)

Location:  Anywhere in U.S. - Remote Job  

Application Period:  Wednesday, January 18, 2023, through Wednesday, February 15, 2023

Salary Range: $81,216 - $105,579 is at the base level and is commensurate with education and experience. The geographical locality pay will be determined at the time of selection.

Position Information: Full-Time – Appointment term of two (2) years, with the possibility of being extended  

Who may be considered: U.S. Citizens; Permanent Residents; and Non-Citizens

Introduction:  The U.S. Food and Drug Administration (FDA) is the regulatory, scientific, public health and consumer protection agency responsible for ensuring all human and animal drugs, medical devices, cosmetics, foods, food additives, drugs and medicated feeds for food producing animals, tobacco and radiation emitting devices safe, and effective.  

The mission of the Center for Devices and Radiological Health (CDRH or Center) is to protect and promote the public health by performing essential public health tasks by making sure that medical devices and radiological health products are safe for people in the United States.  Within CDRH, the Clinical and Scientific Policy Staff (CSPS or Staff) develops, shapes, and ensures the universal implementation of policies related clinical, scientific, and regulatory matters for the Center.  CSPS shares its vast clinical, scientific, and technical expertise with its Center colleagues and offers expert evidenced based input on highly complex, sensitive, and at times controversial submissions from the medical device industry.

Position Title:  CSPS has immediate openings for Cybersecurity Specialists/ Staff Fellows.  The candidates should have strong backgrounds in biomedical engineering, computer engineering, computer science, mobile devices and wearables, network security and vulnerability, software resilience, and cloud computing technology. 

Position Summary: Staff Fellows – Cybersecurity Specialists: CSPS is now accepting applications for Staff Fellows who have experience in medical device, mobile device, and/or operational technology cybersecurity.  As Staff Fellows, specializing in cybersecurity, you will serve as technical authorities in this area with respect to the scientific and regulatory review of medical devices in both the pre and post-market spaces.  You will focus your efforts on cloud-connected medical devices, medical devices using commercial device platforms, embedded devices, threat identification, threat mitigation, cybersecurity risk assessment, and cybersecurity policy development. In this role, you will have the opportunity to share your expertise in medical device security and safety, while enhancing your scientific, technical, and regulatory knowledge by working with renowned cybersecurity, information security, threat prevention, and medical countermeasure experts.

Specializing in cybersecurity, you will serve as a technical authority and a Center-wide resource for our medical device review divisions.  Specifically, you will be assigned to support the Office of Health Technology VII (OHT VII), which is responsible for the review of in vitro diagnostic (IVD) medical products.   As such, you will assist in the scientific analysis of medical device safety, provide an authoritative analysis of the security data submitted to the Center for review, and offer cybersecurity policy and/or consulting support for the reviews of novel and existing IVD medical devices.  

Duties/Responsibilities:

As a Cybersecurity Specialist you will perform the following duties:

• Serve as a scientific and technical cybersecurity consultant to Division and Office leadership, as well as industry, advisory panels, patient advisory organizations, and the health care community on trends, significant concerns, and reported adverse event regarding the identification of threats and vulnerabilities of medical devices and diagnostic equipment.
• With an intense focus on medical device safety, reliability, and protecting patient health information, you will utilize your vast cybersecurity expertise to provide policy input on regulatory submissions from industry, across the total product lifecycle of networked, non-networked, and mobile medical devices to assess and evaluate potential threats and vulnerabilities, which could negatively impact the health of patients.
• Provide expert guidance and share recommendations, with Team, Division, and Office leadership on medical device cybersecurity risks, protocols, processes, needs, and solutions. 
• Collaborates with intra-Office cross-functional teams to develop health technology security standards, policies, and procedures related to regulatory review of medical devices and diagnostic equipment to minimize potential cybersecurity threats and to address vulnerabilities of networked, network capable, and mobile medical devices.
• Proactively identify and share technology trends and emerging science that may influence and reshape cybersecurity decisions, recommended practices and technologies, medical device development and manufacturing, the medical device review process, and policy.
• Conduct detailed assessments of product security analysis submissions involving medical device software, hardware, technologies involving radio-frequency identification (RFID), wired and wireless network communications, mobile technology, and safety measures such as encryption and authentication.
• Support the review of COVID-19 diagnostics authorized for non-prescription, over-the-counter use (antigen, molecular, serology), which include IVD integration with digital tools via a mobile application, software, and wireless transmission of test results. 
• As new technical challenges and opportunities emerge, help expedite interactive review processes and ensure high quality, safe and effective tests are reaching the market as quickly as possible.
• Contribute and work to combine cybersecurity expertise along with team members’ expertise in IVDs, microbiology, virology, medicine, public health, software, digital health, information technology, computing, and research and development. 

Professional Experience/Key Requirements: Please document knowledge, skills, and abilities relevant to each area described below:

• At least three (3) to five (5) years of experience in evaluating cybersecurity risks, threats and controls for embedded devices, mobile devices and/or cloud interfacing.
• Broad knowledge of medical devices and cybersecurity infrastructure experience, and practical experience in applying techniques to mitigate security risks.
• Knowledge and experience of security protection principles related to personal identifiable information, such as electronic health records, human research subject data from clinical trials, and clinical systems.
• Ability to skillfully and effectively interpret and present complex scientific and technical cybersecurity information and concepts, in both written and oral formats, to diverse audiences.
• Ability to contribute and work effectively in a team environment.
• Certifications from CompTIA, CCSP, CEH, CISA, CISSP, CBET, and/or SANS are preferred.

Educational Requirements: Applicants must possess a Ph.D. or equivalent degrees in Biomedical Engineering, Computer Engineering, Electronics Engineering, General Engineering, Computer Science, or related scientific fields.  Applicants who have completed part or all of their education outside the U.S. must have their foreign education evaluated by an accredited organization to ensure that the foreign education is comparable to education received in accredited educational institutions in the U.S. This evaluation must also be provided by midnight eastern time on the closing date of this vacancy announcement.  For more information on Foreign Education verification, visit the U.S. Department of Education. Another listing of services that can perform this evaluation is available at the National Association of Credential Evaluation Services (NACES) website.

Desirable Education:

Applicants with degrees in Cybersecurity, Computer Science, Computer Engineering, Electronics Engineering, Mathematics, or related fields are highly desired. 

How to Apply:  Submit an electronic resume or curriculum vitae, cover letter containing describing why you are uniquely qualified for the position, and a copy of unofficial transcripts all in one document (Adobe PDF) to CDRHRecruitment@fda.hhs.gov, with Job Reference code “2022-OPEQ-IO-CSPS - 4313” in the subject line. Applications will be accepted through February 15, 2023.

Additional Announcement Information

1. COVID-19:  Due to COVID-19, the Agency is currently in an expanded telework posture. If selected, you may be expected to temporarily telework, even if your home is located outside the local commuting area. Once employees are permitted to return to the office, you will be expected to report to the duty station listed on this announcement within 45 days. At that time, you may be eligible to request to continue to telework one or more days a pay period depending upon the terms of the agency's telework policy. As required by Executive Order 14043, Federal executive branch employees are required to be fully vaccinated against COVID-19 regardless of the employee's duty location or work arrangement (e.g., telework, remote work, etc.), subject to such exceptions as required by law. If selected, you will be required to be vaccinated against COVID-19 and will receive instructions on how to provide documentation.
2. Security and Background Requirements: All candidates must meet applicable security requirements which include a background check and a minimum of 3 out of the past 5 years’ residency status in the US.  If not previously completed, a background security investigation will be required for all appointees. Appointment will be subject to the applicant’s successful completion of a background security investigation and favorable adjudication. Failure to successfully meet these requirements may be grounds for appropriate personnel action. In addition, if hired, a background security reinvestigation or supplemental investigation may be required at a later time. Applicants are also advised that all information concerning qualifications is subject to investigation. False representation may be grounds for non-consideration, non-selection, or appropriate disciplinary action.
3. Benefits: The Federal Government offers a comprehensive benefits package. Explore the major benefits offered to most Federal employees at https://www.usa.gov/benefits-for-federal-employees
4. Travel, transportation and relocation expenses will not be paid.