Job Posting by MAGNAR


Postion Title: Technical Product Manager

Location: Audubon, NJ

Duration: Full-Time

To Apply: Please submit your cover letter and resume to This email address is being protected from spambots. You need JavaScript enabled to view it.

Who we are:

At Magnar, we are passionate about helping improve the safety and security of the United States. Our mission is to develop and deliver innovative technologies that improve the security, safety, and operational efficiencies of facilities within our nation’s critical infrastructure. We accomplish this through a collaborative, agile, and fast-paced team environment that reflects our values of excellence, innovation, integrity, and active/respectful listening.

What we’re looking for:

Our next Technical Product Manager is a data-driven, strategic team leader, who understands customer requirements and can effectively translate them into innovative solutions that fully satisfy those requirements. You must be capable of product discovery, feasibility, development, and deployment planning; communicating with diverse stakeholder groups; optimization of internal and external resources; project management; systems engineering; and strategic coordination with a cross-functional leadership team. As a member of Magnar’s leadership team, you will help define corporate strategy and planning. Your responsibilities will include execution of corporate and departmental plans, new product development, roadmapping, and product lifecycle management, along with management of related vendors and systems. 


  • Work with the leadership team to align corporate and departmental strategy, planning, and execution 

  • Collaborate with cross-functional teams on new product ideation, discovery, feasibility, development, and deployment planning across web and mobile applications

  • Manage development projects to ensure that they are completed on time and within budget

  • Be the end-to-end owner of the product life cycle; identify the customer experience, manage the business case, identify value propositions, build out the product requirements, etc.

  • Turn high-level project objectives and customer, regulatory, and best-practice requirements into a comprehensive set of system requirements

  • Work closely with cross-functional teams and external stakeholders to prioritize product features on the product roadmap

  • Systems integration and management

  • Successfully manage stakeholder feedback and expectations

  • Communicate development updates with the leadership team

  • Oversee Quality Assurance

  • Develop & document requirements, specifications and use cases for new product features


  • Bachelor's degree in Computer Science, Software Engineering, or Computer Engineering, with a minimum of 5-years experience in a related field

  • Project management experience (PMP certification is a plus)

  • Familiarity/experience with agile methodologies

  • Familiarity/experience with Android software development

  • Familiarity/experience with Android-based hardware

  • Familiarity/experience with web application development

  • Familiarity/experience with Mobile Device Management (MDM) systems

  • Understanding of cyber security optimization/analysis is a plus

  • An ability to work with both technical and non-technical stakeholders, along with the ability to translate between the two

  • Ability to be a customer-facing technical resource

  • Experience with data-driven decision making

  • Ability to effectively prioritize and deliver results under pressure

  • Ability to creatively problem-solve

  • Great people skills, and a proven track record of building relationships at all levels of the organization

Total Compensation:

  • Highly Competitive Salary

  • Performance-based bonuses

  • Health and Dental Insurance

  • 3% 401k company Match

  • Vacation, Personal, Sick and Holiday Pay

The Coast Guard continues to monitor the maritime impact from the ongoing Advanced Persistent Threat (APT) cyber incident in the United States, as previously reported in Marine Safety Information Bulletin (MSIB): 25-20. For more details, please see the Joint Statement by the recently established Cyber Unified Coordination Group (UCG) composed of the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Office of the Director of National Intelligence, and National Security Agency.

This incident will require a sustained and dedicated effort to remediate. The UCG believes that the APT actor’s compromise of the SolarWinds Orion supply chain affected approximately 18,000 public and private sector customers and that the actor targeted a much smaller subset of that group with follow-on activity. CISA continues efforts to identify and confirm initial access vectors and identify any changes to the APT’s tactics, techniques, and procedures (TTPs). Please continue to refer to CISA Alert AA20- 352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations. A comprehensive repository of CISA resources related to this incident is available at CISA will update these resources as new information is discovered.

Even if you do not own SolarWinds Orion, you may be impacted as your third-party networks, services, and vendors may use SolarWinds Orion. It is critical that the Coast Guard understands the potential risks of this APT actor on marine transportation system networks and supply chain connections.

Reporting malicious cyber activity enhances maritime domain awareness and allows us all to be better postured to prevent and respond to cyber incidents that could disrupt commerce or jeopardize national security. Any owner or operator of a Maritime Transportation Security Act (MTSA)-regulated facility or vessel that relies on SolarWinds software for a system that serves or supports a critical security function per its security plan shall, in accordance with 33 CFR 101.305(b) and CG-5P Policy Letter No. 08-16, Section 3.A.i, report a breach of security if:

  • They have downloaded the trojanized SolarWinds Orion plug-in (see FBI Private Industry Notification 20201222-001; or
  • They note any system with a critical security function displaying any signs of compromise, including those that may have not originated from the SolarWinds Orion compromise but utilize similar TTPs (see CISA Alert AA20-352A).

This release has been issued for public information and notification purposes only.

CISA recommends utilizing three open-source tools—including a CISA-developed tool, Sparrow—to help in detecting and remediating malicious activity connected to this incident. Specifically, Sparrow was created to detect possible compromised accounts and applications in the Azure/Microsoft 365 environment. For guidance on all three tools, see CISA AA21-008A: Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments.

Any potential threat to the physical security or cybersecurity of your vessel or facility should be taken seriously. Any Breach of Security or Suspicious Activity resulting from Cyber Security Incidents for MTSA-regulated vessels or facilities shall be reported to the National Response Center at 1-800-424- 8802. If you have any version of SolarWinds Orion but are unsure if you are at risk, or for any other questions regarding cyber threats or potential compromises, consider also contacting the Coast Guard Cyber Command 24x7 watch at 202-372-2904 or This email address is being protected from spambots. You need JavaScript enabled to view it..

Richard V. Timme, RDML, U. S. Coast Guard, Assistant Commandant for Prevention Policy sends

CG-5PC - Marine Safety Information Bulletin 13-20, Change 2

COVID 19 – Transportation Worker Identification Credential (TWIC®) Operations

The uninterrupted flow of commerce on our Marine Transportation System (MTS) is critical to both National security and National economic well-being. During this National emergency for COVID-19 it is paramount that the Coast Guard safeguards the continued operation of the MTS to ensure our domestic supply chain continues uninterrupted. The regulations outlined throughout 33 and 46 Code of Federal Regulations remain in force, and maritime operators are expected to continue to comply with these requirements. However, when compliance with these regulations cannot reasonably be met as a result of COVID-19, the Coast Guard will exercise flexibility to prevent undue delays. The following clarification is provided regarding the Transportation Worker Identification Credential (TWIC®), which is jointly managed by the Coast Guard and the Transportation Security Administration (TSA). TSA may grant a temporary exemption from certain requirements in 49 CFR part 1572 for the expiration of the TWIC for current cardholders. If this occurs the Coast Guard will take these exemptions into consideration.

Maritime Facilities and Vessels:


TWIC Readers - the Coast Guard is not changing or delaying the TWIC Reader Rule implementation date of June 7, 2020 for facilities that receive vessels certificated to carry more than 1,000 passengers and vessels certificated to carry more than 1,000 passengers. However, the Coast Guard will delay enforcement until April 30, 2021.

Applicable facilities and vessels are not required to update facility security plans (FSP)/vessel security plans (VSP) or install readers until the revised enforcement date.

Escort Ratios – Escort ratios for secure and restricted areas of a facility are provided in Navigation and Inspection Circular (NVIC) 03-07. To provide flexibility due to COVID-19 related health impacts, the escort ratio may be adjusted to meet employee shortages or other demands. This would constitute a change to the FSP or require Captain of the Port approval via noncompliance (discussed below and in MSIB 07-20).

New Hires – After enrollment has been completed and a new hire has presented an acceptable form of identification per 33 CFR 101.515(a) to the vessel security officer or facility security officer, that new hire may be allowed access to secure or restricted areas where another person(s) is present who holds a TWIC and can provide reasonable monitoring. The side-by-side escorting required in 33 CFR 101.105 for restricted areas will not be enforced during the COVID-19 pandemic. Additional compliance options for new hires can be found in 33 CFR 104.267 and 105.257 or via noncompliance (discussed below).

Alternative Security Program (ASP) – Local users who are unable to comply with the requirements in an approved ASP may pursue temporary relief via noncompliance (discussed below) or an amendment can be submitted to cover the entire ASP via submission to CG-FAC.

Noncompliance – 33 CFR 104.125 and 105.125 discusses noncompliance with facility and vessel security requirements. If a situation arises where a facility or vessel will not be able to comply with the requirements of 33 CFR parts 104 or 105, they must contact the Captain of the Port (COTP) to request and receive permission to temporarily deviate from the requirements. While not discussed in 33 CFR 104.125 or 105.125, the vessel or facility operator should evaluate and consider any safety risks that may be created from the noncompliance. This request to


continue operations should include new measures or safeguards the facility or vessel plans to employ to mitigate any risk from the non-compliance with 33 CFR part 104 or 105.

Merchant Mariner Credentials

The Coast Guard is providing flexibility with regard to requirements to have a TWIC when applying for a credential or when serving under the authority of a credential. To date, the processing of submitted TWIC enrollments has not been impacted by the COVID-19 crisis, and there is no delay in vetting, card production, and issuance. However, TSA and the Coast Guard recognize that this is an evolving public health situation and enrollment centers closures or processing delays will impact applicants for a merchant mariner credential (see below for more on TSA enrollment centers).

Under the 46 CFR 10.203(b), failure to hold a valid TWIC may serve as grounds for suspension or revocation of a merchant mariner credential (MMC). The Coast Guard will not pursue any suspension and revocation actions based on expired TWIC’s during the COVID-19 pandemic. The Coast Guard will update industry prior to reinstating enforcement of this requirement. This enforcement discretion for expired TWICs does not apply to cases where a mariner’s TWIC has been suspended or revoked due to a determination that they are a security threat. In those cases, the Coast Guard may pursue suspension or revocation of the MMC.

With respect to expired TWICs in the MMC application process, mariners applying for an original credential will be treated differently than mariners seeking a renewal, raise of grade or new endorsement. This is because the TSA provides the Coast Guard with biometric and biographic information (including the photograph) necessary to evaluate and produce a MMC.

Mariners applying for an original credential need to demonstrate that they have enrolled for a TWIC. Mariners may pre-enroll for a TWIC online, can schedule an appointment, but must complete the in-person enrollment process at the nearest TSA enrollment center. While this proof of application is sufficient to begin the merchant mariner credentialing process, an applicant for an original credential will be unable to obtain a MMC until their biographic and biometric information is provided to the Coast Guard by TSA.

For mariners already holding a MMC, if their TWIC expires, and their credential remains valid, then no action needs to be taken and the credential remains valid.

If a mariner applies for a renewal, raise of grade, new endorsement or duplicate merchant mariner credential while their TWIC is expired, they may apply without a valid TWIC if they demonstrate that they have enrolled for a TWIC renewal.

TSA Enrollment Centers – TSA’s Enrollment Centers remain open, at this time, and TSA is processing new TWIC enrollments. According to TSA, some enrollment centers have closed and may continue to close for a period of time to ensure the safety, health and wellness of staff and the public. If applicants are planning to visit an enrollment center, TSA encourages individuals to use the “Find an Enrollment Center” feature at the bottom of the Universal Enrollment Services home page ( to determine if the center is open and its hours of operation. TWIC enrollments must be completed in-person at an enrollment center. You will be required to provide the necessary identity/immigration documentation and submit fingerprints during your in-person enrollment. It is recommended that you schedule an appointment. You may pre-enroll and schedule an appointment online (

Richard V. Timme, RDML, U. S. Coast Guard, Assistant Commandant for Prevention Policy sends

The U.S. Coast Guard, the Cybersecurity and Infrastructure Security Agency (CISA), and other organizations have recently published information about the SolarWinds cyber attack. 

While I won’t pretend to understand all of the technical details of this event, it is fundamentally a “supply chain” attack.  The malware infected the SolarWinds Orion business software.  Thousands of public and private entities use this software, and they introduced the malware into their own systems as they downloaded routine updates.  The malware installs “backdoors” into the infected systems, and voila, the bad guys are in. 

The sophistication of the attack indicates a nation-state actor.  Frankly, if it is true that the attack started in the spring of this year, we’re fortunate that it was discovered so soon. 

The natural progression for these types of events is for organizations to initially claim they are fine, only to find out (or admit) later that they are infected.  Active, aggressive monitoring and threat hunting should be the new normal for most organizations. 

So what should FSOs and facility owners do about this event?

First, share this blog with the attached links with whoever manages cyber security at your facility, including any outside vendors.  You should already have these folks on your speed dial.  If not, it is time to learn their names and team up on security.

Second, ask to be kept informed on the progress of any response actions your company takes.  Insist that any systems with particular importance to your FSP be included in the detection, response, and recovery actions.  This might include security cameras, Terminal Operating Systems, electronic gate access systems, sensors, alarms, and more. 

Third, ensure your cyber security colleagues are aware of the Coast Guard requirement to report cyber related breaches of security and suspicious activity to the National Response Center.  Information sharing is vital to securing our nation against these attacks.

Finally, I’ll remind you that early this year the Coast Guard published NVIC 01-20, Guidelines for Addressing Cyber Risks at MTSA Regulated Facilities.  If you are not already working on a cyber security annex to your FSP, give S&A a call and we’ll help you understand how to meet this requirement. 

Coast Guard Marine Safety Bulletin

Cybersecurity and Infrastructure Security Agency (CISA)

MAD Security (Seebald & Associates cyber security partner)

Foreign Flag Ship Port Call

Regulations and Security Procedures

Drew Tucci, Captain, USCG (retired)

A client recently asked for some information about what happens when a foreign flag ship calls on a U.S. port facility, and what responsibilities the facility owner has.  U.S. port facilities are part of complex global trade system, in which government agencies, vessel owners, and facility owners all share responsibilities.

When a foreign flag ship calls on a U.S. port, the vessel owner/operator is responsible for most Coast Guard and Customs regulations.  The vessel agent typically addresses these requirements.  Nonetheless, the facility owner also has some responsibilities. 

All foreign flag ships bound for U.S. ports must notify the U.S. Coast Guard, and U.S. Customs, at least 96 hours in advance.  This is a VESSEL requirement found in 33 Code of Federal Regulations Part 160.205.  The Notice of Arrival (NOA) process is done electronically, and it allows the Coast Guard and Customs and Border Protection (CBP) to do a detailed joint vetting of the ship, its crew, owner, operator, cargo, past port calls, as well as past safety, security, and environmental compliance. 

When I was on active duty, I visited the DHS National Targeting Center in Reston, VA on several occasions.  Coast Guard and CBP personnel, along with other agencies, work side by side, comparing intelligence, sharing data, and evaluating the ships, personnel, and cargo bound for U.S. ports.  It is a great example of government agency cooperation. 

While there is considerable overlap in authority and jurisdiction, the Coast Guard generally has primary authority over the ship, with Customs having primary authority over the cargo and the crew members (e.g. cargo tariffs, visa requirements for crew members).

The National Targeting Center provides their analysis to the local Captain of the Port (and CBP office).  The local Coast Guard and CPB personnel add their perspective, including knowledge of local risk factors, and determine what actions, if any, they will take.  On rare occasions, the Coast Guard and/or Customs will place restrictions on a ship or its crew, such as holding it offshore until they conduct a boarding, or issuing a “detain on board” for crew members identified as illegal immigration risks. 

As the ship approaches port, local pilots (typically licensed by the State and the Coast Guard) will guide it to the dock.  Pilots will communicate with the Coast Guard, and often the facility operator, if they have any concerns about the ships they bring to port. 

The Coast Guard and/or Customs may also board a vessel after it is at the facility for more routine checks.  If they find significant safety/security/environmental regulations they may prohibit cargo operations until the matter is resolved. 

In most cases, once a ship is safely docked, cargo operations may begin.  The Coast Guard generally only requires advance notice of fuel/cargo transfers in special circumstances (33 CFR 156.118), but a courtesy notice to the local Sector or Marine Safety Unit is a good idea.

Safety regulations for oil/fuel/hazmat transfers for a foreign flag ship are the same as for U.S. barges:  Qualified Person in Charge, hoses in good condition, communications, and other requirements per the Declaration of Inspection (33 CFR 156.120). 

Container and dry bulk cargos don’t have specific Coast Guard transfer requirements, but the facility owner should be alert for any safety, security, or environmental risk factors.  If you start having any doubts while communicating with the vessel master or chief mate, address them before someone gets hurt or other problems develop. 

Security regulations for vessel interaction are described in your Facility Security Plan.  A Declaration of Security (DoS) is generally NOT required at MARSEC Level 1, unless specifically required in your FSP.  That said, a DoS is a good idea, and the FSO and the VSO should be clear on joint security procedures, especially reporting of suspicious activity and any planned Seafarer Access activity.

Your FSP should already address Seafarer Access requirements.  In general, vessel crew members (with visas provided by Customs) may transit through your facility without undue delay – but of course they need to be escorted.  Your security guards should be screening them, just like any other visitor to your facility.  Seafarer Access requirements also apply to seafarer advocacy groups (Seaman’s Church Institute, mariner unions). 

While the vessel is responsible for all vessel requirements, the facility operator is responsible for:

  • FSP requirements (33 CFR Part 105). This includes monitoring and screening people and stuff coming from and going to the vessel (crew members, vessel stores, cargo)
  • Facility environmental requirements – 33 CFR Part 154 – think oil spill plan, hoses in good condition, drip pan under the manifold.
  • Facility safety requirements – safety gear on the dock, traffic management, controlling hot work and fire hazards, especially for facilities that handle flammable or other hazardous materials.
  • Facility portion of oil transfer requirements.
  • Reporting suspicious activity.
  • Reporting perceived deficiencies in vessel security procedures (yes, this is a judgement call).
  • Reporting oil spills, unsafe conditions, or similar situations.

Cooperation and communication among all parties is key to secure, safe, and smooth cargo operations.  Invest in building relationships with all the agents, pilots, officials, and other personnel who come together at your facility.