Location:  FDA/CDRH Silver Spring, Maryland, FDA Headquarters, White Oak Campus         

Application Period:  Wednesday, April 27, 2022, through Wednesday, May 25, 2022

Salary Range: $106,823.00 - $138,868.00 (commensurate with education and experience)

Position Information: Full-Time – Appointment term of three (3) years, with the possibility of being extended  

Who may be considered: U.S. Citizens; Permanent Residents; and Non-Citizens

Introduction:  The U.S. Food and Drug Administration (FDA) is the regulatory, scientific, public health and consumer protection agency responsible for ensuring all human and animal drugs, medical devices, cosmetics, foods, food additives, drugs and medicated feeds for food producing animals, tobacco and radiation emitting devices safe, and effective.  

The mission of the Center for Devices and Radiological Health (CDRH or Center) is to protect and promote the public health by performing essential public health tasks by making sure that medical devices and radiological health products are safe for people in the United States.  Within CDRH, the Clinical and Scientific Policy Staff (CSPS or Staff) develops, shapes, and ensures the universal implementation of policies related clinical, scientific, and regulatory matters for the Center.  CSPS shares its vast clinical, scientific, and technical expertise with its Center colleagues and offers expert evidenced based input on highly complex, sensitive, and at times controversial submissions from the medical device industry.

Position Title:  CSPS has immediate openings for Cybersecurity Specialists/ Staff Fellows.  The candidates should have strong backgrounds in biomedical engineering, computer engineering, computer science, mobile devices and wearables, network security and vulnerability, software resilience, and cloud computing technology. 

Position Summary: Staff Fellows – Cybersecurity Specialists: CSPS is now accepting applications for Staff Fellows who have experience in medical and mobile device cybersecurity.  As Staff Fellows, specializing in cybersecurity, you will serve as technical authorities in this area with respect to the scientific and regulatory review of medical devices in both the pre and post-market spaces.  You will focus your efforts on cloud-connected (mobile) medical devices, threat mitigation, and cybersecurity policy development and will have the opportunity to share your expertise in medical device security and safety, while enhancing your scientific, technical, and regulatory knowledge by working with renowned cybersecurity, information security, threat prevention, and medical countermeasure experts.

Specializing in cybersecurity, you will serve as a technical authority and a Center-wide resource for our medical device review divisions.  Specifically, you will be assigned to the Office of Health Technology VII 

(OHT VII), which is responsible for the review of in vitro diagnostic (IVD) medical products.   As such, you will assist in the scientific analysis of medical device safety, provide an authoritative analysis of the security data submitted to the Center for review, and offer cybersecurity policy and/or consulting support for the reviews of novel and existing IVD medical devices.  

Duties/Responsibilities:

As a Cybersecurity Specialist you will perform the following duties:

• Serve as a scientific and technical cybersecurity consultant to Division and Office leadership, as well as industry, advisory panels, patient advisory organizations, and the health care community on trends, significant concerns, and reported adverse event regarding the identification of threats and vulnerabilities of medical devices and diagnostic equipment.
• With an intense focus on medical device safety, reliability, and protecting patient health information, you will utilize your vast cybersecurity expertise to provide policy input on regulatory submissions from industry, across the total product lifecycle of networked, non-networked, and mobile medical devices to assess and evaluate potential threats and vulnerabilities, which could negatively impact the health of patients.
• Provide expert guidance and share recommendations, with Team, Division, and Office leadership on medical device cybersecurity protocols, processes, needs, and solutions. 
• Engage and educate Office colleagues and leadership on data as an integral enterprise asset within the current ecosystem and the importance of proper data governance, security, management, and stewardship to guard against threats.
• Collaborates with intra-Office cross-functional teams to develop health technology security standards, policies, and procedures related to regulatory review of medical devices and diagnostic equipment to minimize potential cybersecurity threats and to address vulnerabilities of networked, network capable, and mobile medical devices.
• Proactively identify and share technology trends and emerging science that may influence and reshape cybersecurity decisions, recommended practices and technologies, medical device development and manufacturing, the medical device review process, and policy.
• Conduct detailed assessments of product security analysis submissions involving medical device software, hardware, technologies involving radio-frequency identification (RFID), wired and mobile technology, and safety measures such as encryption and client/patient authentication.
• Support the review of COVID-19 diagnostics authorized for non-prescription, over-the-counter use (antigen, molecular, serology), which include IVD integration with digital tools via a mobile application, software, and wireless transmission of test results. 
• As new technical challenges and opportunities emerge, help expedite interactive review processes and ensure high quality, safe and effective tests are reaching the market as quickly as possible.
• Contribute and work to combine cybersecurity expertise along with team members’ expertise in IVDs, microbiology, virology, medicine, public health, software, digital health, information technology, computing, and research and development. 

Professional Experience/Key Requirements: Please document knowledge, skills, and abilities relevant to each area described below:

• At least three (3) to five (5) years of experience in evaluating cybersecurity risks and threats and controls for mobile devices and/or cloud interfacing. 
• Broad knowledge of medical devices, IT and cybersecurity infrastructure experience, and practical experience in applying techniques to mitigate security risks.
• Knowledge and experience of security protection principles related to personal identifiable information, such as electronic health records, human research subject data from clinical trials, and clinical systems.
• Ability to skillfully and effectively interpret and present complex scientific and technical cybersecurity information and concepts, in both written and oral formats, to diverse audiences.
• Ability to contribute and work effectively in a team environment.
• Certifications from CompTIA, CCSP, CEH, CISA, CISSP, CBET, and/or SANS are preferred.

Educational Requirements: Applicants must possess a Ph.D. or equivalent degrees in Biomedical Engineering, Computer Engineering, Electronics Engineering, General Engineering, Computer Science, or related scientific fields.  Applicants who have completed part or all of their education outside the U.S. must have their foreign education evaluated by an accredited organization to ensure that the foreign education is comparable to education received in accredited educational institutions in the U.S. This evaluation must also be provided by midnight eastern time on the closing date of this vacancy announcement.  For more information on Foreign Education verification, visit the U.S. Department of Education. Another listing of services that can perform this evaluation is available at the National Association of Credential Evaluation Services (NACES) website.

Desirable Education:

Applicants with degrees in Cybersecurity, Computer Science, Computer Engineering, Electronics Engineering, Mathematics, or related fields are highly desired. 

How to Apply:  Submit an electronic resume or curriculum vitae, cover letter containing describing why you are uniquely qualified for the position, and a copy of unofficial transcripts all in one document (Adobe PDF) to CDRHRecruitment@fda.hhs.gov, with Job Reference code “2022-OPEQ-IO-CS-058/59” in the subject line. Applications will be accepted through May 25, 2022.

Additional Announcement Information

1. COVID-19:  Due to COVID-19, the Agency is currently in an expanded telework posture. If selected, you may be expected to temporarily telework, even if your home is located outside the local commuting area. Once employees are permitted to return to the office, you will be expected to report to the duty station listed on this announcement within 45 days. At that time, you may be eligible to request to continue to telework one or more days a pay period depending upon the terms of the agency's telework policy. As required by Executive Order 14043, Federal executive branch employees are required to be fully vaccinated against COVID-19 regardless of the employee's duty location or work arrangement (e.g., telework, remote work, etc.), subject to such exceptions as required by law. If selected, you will be required to be vaccinated against COVID-19 and will receive instructions on how to provide documentation.
2. Security and Background Requirements: All candidates must meet applicable security requirements which include a background check and a minimum of 3 out of the past 5 years’ residency status in the US.  If not previously completed, a background security investigation will be required for all appointees. Appointment will be subject to the applicant’s successful completion of a background security investigation and favorable adjudication. Failure to successfully meet these requirements may be grounds for appropriate personnel action. In addition, if hired, a background security reinvestigation or supplemental investigation may be required at a later time. Applicants are also advised that all information concerning qualifications is subject to investigation. False representation may be grounds for non-consideration, non-selection, or appropriate disciplinary action.
3. Benefits: The Federal Government offers a comprehensive benefits package. Explore the major benefits offered to most Federal employees at https://www.usa.gov/benefits-for-federal-employees
4. Travel, transportation and relocation expenses will not be paid.