Position: Security Director & Facility Security Officer

Tradepoint Atlantic, LLC., the largest and most strategically important multi-modal industrial tract on the eastern seaboard, is seeking a Security Director & Facility Security Officer to join its Corporate Team headquartered in Sparrows Point, MD. The position will report to the SVP, Facilities Management. The Security Director & Facility Security Officer key task is to maintain security controls for the 3300 acre site, its occupants, employees, vendors, tenants and visitors.

Duties and Responsibilities: 

  • Oversees security organization of the facility, including maritime, general vessel and facility operations and conditions.

  • Emergency preparedness, response, and contingency planning.

  • Ensures compliance with all federal, state, and local requirements, including knowledge of applicable laws (Maritime Transportation Security Act (MTSA), Security and Accountability For Every (SAFE) Port Act), regulations (33 CFR 101, 105), and agency guidance (Coast Guard NVICs, policies, MARSEC directives)

  • Proper protection and handling for Sensitive Security Information and security-related communications.

  • Ensure notification to law enforcement and facility personnel and other emergency responders for security or safety matters within the facility property.

  • Security equipment and systems knowledge and operation.

  • Positive control of all accountable items in compliance with contractual security obligations.

  • Provide oversight and guidance to assigned third-party security workforce.

  • Interact with senior management, contract field managers, stevedoring operations, tenant managers and public emergency officials/personnel as applicable.

  • Participate in facility security audits, assessments, and planning.

  • Maintain security knowledge through ongoing training and education.

  • Implement and maintain the Facility Security Plan and standard operating procedures.

  • Control access to protected areas and facilitate visitor requests for incoming personnel.

  • Support the Tradepoint Atlantic acquisition process as needed.

  • Ensure compliance with cyber and information systems security requirements.

  • Assist and adhere to security measures required to safeguard personnel and prevent unauthorized access to equipment, facilities, and materials.

 

Education & Experience:

  • Fulfillment of all Facility Security Officer (FSO) requirements in 33 CFR 105.205

  • Completed USCG approved FSO training and certification within the last two years, or must complete USCG approved FSO training/certification within three months of employment.

  • BS/BA degree in a related field (e.g., Criminal Justice/Criminal Law, Homeland Security, Business Administration) preferred; equivalent work experience in a related career or Military Occupational Specialty may be considered in lieu of a degree.

  • Minimum two years of FSO experience at an MTSA regulated facility preferred; equivalent work experience in a related career or Military Occupational Specialty may be considered in lieu of FSO experience.

  • Port/Terminal/Marine operating systems experience preferred.

  • Must possess a valid driver’s license and ability to obtain and maintain a Transportation Worker Identification Credential.

  • Problem solving and decision-making skills.

  • Computer skills using Microsoft Office products.

  • Strong verbal, written and interpersonal skills.

 

Working Conditions

Must be able to work outside, exposed to all weather conditions, including heat, cold, wind, and rain. Standing and walking will be required throughout the course of a normal day. The wearing of personal protective equipment including, but not limited to, shoes, a safety vest and a hard hat will be required. Required to observe all safety and health requirements for maritime operations.

Hours

Normal working hours are Monday – Friday 8:00 a.m. – 5:00 p.m. with exceptions made for activities related directly to vessel operations. Exceptions may include extended shifts, days, evenings and nights.

How to Apply

Send resume and cover letter to This email address is being protected from spambots. You need JavaScript enabled to view it.

Tradepoint Atlantic LLC is an Equal Opportunity Employer. All qualified candidates will receive consideration for all positions without regard to race, religion, color, sex, gender identity, sexual orientation, pregnancy, age, national origin, ancestry, physical or mental disability, military or veteran status, genetic information, marital status, ethnicity, alienage, marital status, or any other characteristic protected by applicable law.

www.tradepointatlantic.com

 

Job Posting by MAGNAR

www.magnar.com

 

Postion Title: Technical Product Manager

Location: Audubon, NJ

Duration: Full-Time

To Apply: Please submit your cover letter and resume to This email address is being protected from spambots. You need JavaScript enabled to view it.

Who we are:

At Magnar, we are passionate about helping improve the safety and security of the United States. Our mission is to develop and deliver innovative technologies that improve the security, safety, and operational efficiencies of facilities within our nation’s critical infrastructure. We accomplish this through a collaborative, agile, and fast-paced team environment that reflects our values of excellence, innovation, integrity, and active/respectful listening.

What we’re looking for:

Our next Technical Product Manager is a data-driven, strategic team leader, who understands customer requirements and can effectively translate them into innovative solutions that fully satisfy those requirements. You must be capable of product discovery, feasibility, development, and deployment planning; communicating with diverse stakeholder groups; optimization of internal and external resources; project management; systems engineering; and strategic coordination with a cross-functional leadership team. As a member of Magnar’s leadership team, you will help define corporate strategy and planning. Your responsibilities will include execution of corporate and departmental plans, new product development, roadmapping, and product lifecycle management, along with management of related vendors and systems. 

Responsibilities:

  • Work with the leadership team to align corporate and departmental strategy, planning, and execution 

  • Collaborate with cross-functional teams on new product ideation, discovery, feasibility, development, and deployment planning across web and mobile applications

  • Manage development projects to ensure that they are completed on time and within budget

  • Be the end-to-end owner of the product life cycle; identify the customer experience, manage the business case, identify value propositions, build out the product requirements, etc.

  • Turn high-level project objectives and customer, regulatory, and best-practice requirements into a comprehensive set of system requirements

  • Work closely with cross-functional teams and external stakeholders to prioritize product features on the product roadmap

  • Systems integration and management

  • Successfully manage stakeholder feedback and expectations

  • Communicate development updates with the leadership team

  • Oversee Quality Assurance

  • Develop & document requirements, specifications and use cases for new product features

Requirements:

  • Bachelor's degree in Computer Science, Software Engineering, or Computer Engineering, with a minimum of 5-years experience in a related field

  • Project management experience (PMP certification is a plus)

  • Familiarity/experience with agile methodologies

  • Familiarity/experience with Android software development

  • Familiarity/experience with Android-based hardware

  • Familiarity/experience with web application development

  • Familiarity/experience with Mobile Device Management (MDM) systems

  • Understanding of cyber security optimization/analysis is a plus

  • An ability to work with both technical and non-technical stakeholders, along with the ability to translate between the two

  • Ability to be a customer-facing technical resource

  • Experience with data-driven decision making

  • Ability to effectively prioritize and deliver results under pressure

  • Ability to creatively problem-solve

  • Great people skills, and a proven track record of building relationships at all levels of the organization

Total Compensation:

  • Highly Competitive Salary

  • Performance-based bonuses

  • Health and Dental Insurance

  • 3% 401k company Match

  • Vacation, Personal, Sick and Holiday Pay

The Coast Guard continues to monitor the maritime impact from the ongoing Advanced Persistent Threat (APT) cyber incident in the United States, as previously reported in Marine Safety Information Bulletin (MSIB): 25-20. For more details, please see the Joint Statement by the recently established Cyber Unified Coordination Group (UCG) composed of the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Office of the Director of National Intelligence, and National Security Agency.

This incident will require a sustained and dedicated effort to remediate. The UCG believes that the APT actor’s compromise of the SolarWinds Orion supply chain affected approximately 18,000 public and private sector customers and that the actor targeted a much smaller subset of that group with follow-on activity. CISA continues efforts to identify and confirm initial access vectors and identify any changes to the APT’s tactics, techniques, and procedures (TTPs). Please continue to refer to CISA Alert AA20- 352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations. A comprehensive repository of CISA resources related to this incident is available at https://www.cisa.gov/supply-chain-compromise. CISA will update these resources as new information is discovered.

Even if you do not own SolarWinds Orion, you may be impacted as your third-party networks, services, and vendors may use SolarWinds Orion. It is critical that the Coast Guard understands the potential risks of this APT actor on marine transportation system networks and supply chain connections.

Reporting malicious cyber activity enhances maritime domain awareness and allows us all to be better postured to prevent and respond to cyber incidents that could disrupt commerce or jeopardize national security. Any owner or operator of a Maritime Transportation Security Act (MTSA)-regulated facility or vessel that relies on SolarWinds software for a system that serves or supports a critical security function per its security plan shall, in accordance with 33 CFR 101.305(b) and CG-5P Policy Letter No. 08-16, Section 3.A.i, report a breach of security if:

  • They have downloaded the trojanized SolarWinds Orion plug-in (see FBI Private Industry Notification 20201222-001 https://www.ic3.gov/Media/News/2020/201229.pdf); or
  • They note any system with a critical security function displaying any signs of compromise, including those that may have not originated from the SolarWinds Orion compromise but utilize similar TTPs (see CISA Alert AA20-352A).

This release has been issued for public information and notification purposes only.

CISA recommends utilizing three open-source tools—including a CISA-developed tool, Sparrow—to help in detecting and remediating malicious activity connected to this incident. Specifically, Sparrow was created to detect possible compromised accounts and applications in the Azure/Microsoft 365 environment. For guidance on all three tools, see CISA AA21-008A: Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments.

Any potential threat to the physical security or cybersecurity of your vessel or facility should be taken seriously. Any Breach of Security or Suspicious Activity resulting from Cyber Security Incidents for MTSA-regulated vessels or facilities shall be reported to the National Response Center at 1-800-424- 8802. If you have any version of SolarWinds Orion but are unsure if you are at risk, or for any other questions regarding cyber threats or potential compromises, consider also contacting the Coast Guard Cyber Command 24x7 watch at 202-372-2904 or This email address is being protected from spambots. You need JavaScript enabled to view it..

Richard V. Timme, RDML, U. S. Coast Guard, Assistant Commandant for Prevention Policy sends

CG-5PC - Marine Safety Information Bulletin 13-20, Change 2

COVID 19 – Transportation Worker Identification Credential (TWIC®) Operations

The uninterrupted flow of commerce on our Marine Transportation System (MTS) is critical to both National security and National economic well-being. During this National emergency for COVID-19 it is paramount that the Coast Guard safeguards the continued operation of the MTS to ensure our domestic supply chain continues uninterrupted. The regulations outlined throughout 33 and 46 Code of Federal Regulations remain in force, and maritime operators are expected to continue to comply with these requirements. However, when compliance with these regulations cannot reasonably be met as a result of COVID-19, the Coast Guard will exercise flexibility to prevent undue delays. The following clarification is provided regarding the Transportation Worker Identification Credential (TWIC®), which is jointly managed by the Coast Guard and the Transportation Security Administration (TSA). TSA may grant a temporary exemption from certain requirements in 49 CFR part 1572 for the expiration of the TWIC for current cardholders. If this occurs the Coast Guard will take these exemptions into consideration.

Maritime Facilities and Vessels:

 

TWIC Readers - the Coast Guard is not changing or delaying the TWIC Reader Rule implementation date of June 7, 2020 for facilities that receive vessels certificated to carry more than 1,000 passengers and vessels certificated to carry more than 1,000 passengers. However, the Coast Guard will delay enforcement until April 30, 2021.

Applicable facilities and vessels are not required to update facility security plans (FSP)/vessel security plans (VSP) or install readers until the revised enforcement date.

Escort Ratios – Escort ratios for secure and restricted areas of a facility are provided in Navigation and Inspection Circular (NVIC) 03-07. To provide flexibility due to COVID-19 related health impacts, the escort ratio may be adjusted to meet employee shortages or other demands. This would constitute a change to the FSP or require Captain of the Port approval via noncompliance (discussed below and in MSIB 07-20).

New Hires – After enrollment has been completed and a new hire has presented an acceptable form of identification per 33 CFR 101.515(a) to the vessel security officer or facility security officer, that new hire may be allowed access to secure or restricted areas where another person(s) is present who holds a TWIC and can provide reasonable monitoring. The side-by-side escorting required in 33 CFR 101.105 for restricted areas will not be enforced during the COVID-19 pandemic. Additional compliance options for new hires can be found in 33 CFR 104.267 and 105.257 or via noncompliance (discussed below).

Alternative Security Program (ASP) – Local users who are unable to comply with the requirements in an approved ASP may pursue temporary relief via noncompliance (discussed below) or an amendment can be submitted to cover the entire ASP via submission to CG-FAC.

Noncompliance – 33 CFR 104.125 and 105.125 discusses noncompliance with facility and vessel security requirements. If a situation arises where a facility or vessel will not be able to comply with the requirements of 33 CFR parts 104 or 105, they must contact the Captain of the Port (COTP) to request and receive permission to temporarily deviate from the requirements. While not discussed in 33 CFR 104.125 or 105.125, the vessel or facility operator should evaluate and consider any safety risks that may be created from the noncompliance. This request to

 

continue operations should include new measures or safeguards the facility or vessel plans to employ to mitigate any risk from the non-compliance with 33 CFR part 104 or 105.

Merchant Mariner Credentials

The Coast Guard is providing flexibility with regard to requirements to have a TWIC when applying for a credential or when serving under the authority of a credential. To date, the processing of submitted TWIC enrollments has not been impacted by the COVID-19 crisis, and there is no delay in vetting, card production, and issuance. However, TSA and the Coast Guard recognize that this is an evolving public health situation and enrollment centers closures or processing delays will impact applicants for a merchant mariner credential (see below for more on TSA enrollment centers).

Under the 46 CFR 10.203(b), failure to hold a valid TWIC may serve as grounds for suspension or revocation of a merchant mariner credential (MMC). The Coast Guard will not pursue any suspension and revocation actions based on expired TWIC’s during the COVID-19 pandemic. The Coast Guard will update industry prior to reinstating enforcement of this requirement. This enforcement discretion for expired TWICs does not apply to cases where a mariner’s TWIC has been suspended or revoked due to a determination that they are a security threat. In those cases, the Coast Guard may pursue suspension or revocation of the MMC.

With respect to expired TWICs in the MMC application process, mariners applying for an original credential will be treated differently than mariners seeking a renewal, raise of grade or new endorsement. This is because the TSA provides the Coast Guard with biometric and biographic information (including the photograph) necessary to evaluate and produce a MMC.

Mariners applying for an original credential need to demonstrate that they have enrolled for a TWIC. Mariners may pre-enroll for a TWIC online, can schedule an appointment, but must complete the in-person enrollment process at the nearest TSA enrollment center. While this proof of application is sufficient to begin the merchant mariner credentialing process, an applicant for an original credential will be unable to obtain a MMC until their biographic and biometric information is provided to the Coast Guard by TSA.

For mariners already holding a MMC, if their TWIC expires, and their credential remains valid, then no action needs to be taken and the credential remains valid.

If a mariner applies for a renewal, raise of grade, new endorsement or duplicate merchant mariner credential while their TWIC is expired, they may apply without a valid TWIC if they demonstrate that they have enrolled for a TWIC renewal.

TSA Enrollment Centers – TSA’s Enrollment Centers remain open, at this time, and TSA is processing new TWIC enrollments. According to TSA, some enrollment centers have closed and may continue to close for a period of time to ensure the safety, health and wellness of staff and the public. If applicants are planning to visit an enrollment center, TSA encourages individuals to use the “Find an Enrollment Center” feature at the bottom of the Universal Enrollment Services home page (https://universalenroll.dhs.gov/locator) to determine if the center is open and its hours of operation. TWIC enrollments must be completed in-person at an enrollment center. You will be required to provide the necessary identity/immigration documentation and submit fingerprints during your in-person enrollment. It is recommended that you schedule an appointment. You may pre-enroll and schedule an appointment online (https://universalenroll.dhs.gov).

Richard V. Timme, RDML, U. S. Coast Guard, Assistant Commandant for Prevention Policy sends

The U.S. Coast Guard, the Cybersecurity and Infrastructure Security Agency (CISA), and other organizations have recently published information about the SolarWinds cyber attack. 

While I won’t pretend to understand all of the technical details of this event, it is fundamentally a “supply chain” attack.  The malware infected the SolarWinds Orion business software.  Thousands of public and private entities use this software, and they introduced the malware into their own systems as they downloaded routine updates.  The malware installs “backdoors” into the infected systems, and voila, the bad guys are in. 

The sophistication of the attack indicates a nation-state actor.  Frankly, if it is true that the attack started in the spring of this year, we’re fortunate that it was discovered so soon. 

The natural progression for these types of events is for organizations to initially claim they are fine, only to find out (or admit) later that they are infected.  Active, aggressive monitoring and threat hunting should be the new normal for most organizations. 

So what should FSOs and facility owners do about this event?

First, share this blog with the attached links with whoever manages cyber security at your facility, including any outside vendors.  You should already have these folks on your speed dial.  If not, it is time to learn their names and team up on security.

Second, ask to be kept informed on the progress of any response actions your company takes.  Insist that any systems with particular importance to your FSP be included in the detection, response, and recovery actions.  This might include security cameras, Terminal Operating Systems, electronic gate access systems, sensors, alarms, and more. 

Third, ensure your cyber security colleagues are aware of the Coast Guard requirement to report cyber related breaches of security and suspicious activity to the National Response Center.  Information sharing is vital to securing our nation against these attacks.

Finally, I’ll remind you that early this year the Coast Guard published NVIC 01-20, Guidelines for Addressing Cyber Risks at MTSA Regulated Facilities.  If you are not already working on a cyber security annex to your FSP, give S&A a call and we’ll help you understand how to meet this requirement. 

Coast Guard Marine Safety Bulletin https://www.dco.uscg.mil/Portals/9/DCO%20Documents/5p/MSIB/2020/MSIB-20-20-Solar-Wind.pdf?ver=J4I_zECX5EQecQ2ex6LeNw%3D%3D

Cybersecurity and Infrastructure Security Agency (CISA)

https://us-cert.cisa.gov/ncas/current-activity/2020/12/13/active-exploitation-solarwinds-software

MAD Security (Seebald & Associates cyber security partner) https://madsecurity.com/