AMAR NATH

About Me

As a Security Architect with over 15 years of experience, I specialize in designing and implementing robust security solutions that safeguard critical assets and ensure compliance with industry standards. My expertise spans enterprise security architecture, risk management, and advanced threat mitigation, coupled with a deep understanding of the latest cybersecurity trends and technologies. I have a proven track record of enhancing security postures for diverse organizations through strategic planning and innovative security frameworks. Passionate about fortifying digital landscapes, I am dedicated to delivering secure, scalable, and resilient systems.

My approach combines deep technical expertise with a strategic vision, ensuring products are protected against evolving threats from design to deployment. I excel in collaborating with development teams to embed security best practices throughout the product lifecycle, fostering a culture of security awareness, and continuously improving security protocols to maintain a competitive edge in the dynamic cybersecurity landscape.

Skills

TECHNICAL

PRODUCT SECURITY
GOVERNANCE RISK & COMPLIANCE
SECURITY OPERATIONS
IDENTITY & ACCESS MANAGEMENT
BUSINESS CONTINUITY & DISASTER RECOVERY
IoT & DEVICE SECURITY
CLOUD SECURITY (AWS & AZURE)
DEVSECOPS
NETWORK SECURITY
SECURITY ENGINEERING
AUDITING
OT SECURITY

PERSONAL

LEADERSHIP
PROBLEM SOLVING
CRITICAL THINKING
DECISION MAKING
INTERPERSONAL
CREATIVE THINKING
NEGOTIATION

Resume

Technical Certifications

  • Certified Information Systems Security Professional (CISSP)
  • Certified Cloud Security Professional (CCSP)
  • AWS Certified Security - Specialty
  • Information Technology Infrastructure Library (ITIL)
  • Azure Security, Compliance, and Identity Fundamentals (SC 900)
  • Azure AI Fundamentals (AI 900)
  • Azure Data Fundamentals (DP 900)
  • Azure Fundamentals (AZ 900)
  • Hardware Security - University of Maryland
  • Certified Nuclear Security Professional (WINS)

Business Certifications

    • Business Foundation Specialization - Wharton Online | University of Pennsylvania
    • Strategic Leadership & Management Specialization - Gies College of Business - University of Illinois Urbana-Champaign
    • Business Model Innovation - HEC, PARIS
    • Strategic Management – IIM, BANGALORE
    • Innovation & Information Technology Management – IIM, BANGALORE

    Education

    PG DIPLOMA - INFORMATION SYSTEM & CYBER SECURITY

    2010

    Advanced Computing Training School - C-DAC, Pune, MH

    Bachelor of Engineering - Computer Science and Engineering

    2005 - 2009

    Nagarjuna College of Engineering and Technology, Bengaluru, KA

    Professional Experience

    Novartis

    Director - Security Solution Architect
    Feb, 2020 - Present
    Pharmaceutical
    Healthcare

    APPLIED MATERIALS

    PRODUCT SECURITY ARCHITECT
    Oct, 2019 - Feb, 2020
    Product Development
    Semiconductor

    BNP PARIBAS

    MANAGER – SECURITY & IT RISK
    Apr, 2016 - Oct, 2019
    Banking
    Financial

    Infinite Computer Solutions

    SENIOR TECHNICAL CONSULTANT - SECURITY
    Feb, 2016 - Mar, 2017
    Product Engineering Services
    IT Services

    IDEMIA

    SENIOR SECURITY ANALYST - CYBER DEFENSE
    May, 2014 – Feb, 2016
    Product Development
    Biometrics
    Smart Devices
    Public Security

    METLIFE

    TEAM LEAD – CYBER SECURITY & THREAT MANAGEMENT
    Apr, 2012 – May, 2014
    Insurance
    Healthcare

    NESS

    MEMBER OF TECHNICAL STAFF
    Jul, 2010 - Apr, 2012
    Consulting
    Engineering Services

    Indian Institute of Technology, Kharagpur

    RESEARCH ASSISTANT
    Sep, 2009 - Feb, 2010
    Research
    Grid Computing

    Work Details

    • Define, deliver and maintain future-fit information security architecture principles, standards and technology roadmaps to support the secure design and implementation that address full stack security requirements.
    • Identify and develop Global Security Architectural Standards, Design Patterns, Reference Architectures and Roadmaps used to define the security principles and constructs in which all products are designed to incorporate consistent and appropriate security controls.
    • Monitor projects with high strategic impact to ensure processes are being followed and goals achieved, including completing milestones on time and within budget.
    • Engage with architects, technical leads and R&D Engineering & Development teams to ensure the security considerations are inducted well in advance during the product development cycle.
    • Work with solution architects to provide mitigation and potential remediation recommendations for solving unprecedented issues and problems.
    • Maintain deep understanding of the information security landscape and emerging technologies and identify key implications and actions for security architecture to maintain a forward-thinking approach.
    • Evaluate and select the technologies and tools required for the delivery of the cyber security target architecture for software, infrastructure in partnership with Enterprise Architecture.
    • Deliver KPIs/metrics for security architecture for management reporting stakeholders. Produce necessary metrics to demonstrate overall completeness of defensive strategy.
    • Collaboratively define and prioritize security backlog for products that continuously delivers measurable value towards the vision.
    • Communicate with a broad range of senior stakeholders to exhibit business alignment.
    • Coach and mentor architects with functional reporting.
    • Contribute to organizational whitepapers and represent in industry consortium for practice standardization.
    • Key Deliverables: Architecture References, Software as a Medical Device security, Cloud based life science solutions, Digital Health Platform, Connected Medical Devices

    • Ownership of product security program for the business function.
    • Independently drive strategy, execution and technical direction for complex information security programs, including scope, deliverables, and communication strategy.
    • Working with product architects to investigate secure design approaches, prototype design patterns and evaluate technical feasibility.
    • Identify and coordinate the interdependencies among programs, products and other critical initiatives across all security sub-departments within the organization.
    • Develop program milestones, key performance indicators, and success criteria in collaboration with subject matter experts.
    • Represent Information Security in business strategy discussions, special projects, escalations, and senior leadership escalations.
    • Define processes end-to-end and drive improvements for maximum impact for information security goals and objectives.
    • Develop and implement creative security architectural approaches that utilize proper security controls to meet both ongoing and emerging threats.
    • Work with Computer Security Incident Response Team (CSIRT) to manage & contain information security incidents and events to protect company IT assets, Intellectual Property, and company's reputation.
    • Domain expertise in securing OT & digitalization systems and expert knowledge in Critical infrastructure significant cyber-security standards such as IEC 62443, NIST CSF, Manufacturing, SEMI.
    • Key Deliverables: Product Security Program, OT Security, Security Assurance, PSIRT, SEMI Consortium, Security Champion

    • Primarily responsible for strong partnership with the Application Development and operations team of the Global Businesses and Functions to ensure an effective application security.
    • Responsible for Local leadership of the offshored Project & Digital Security.
    • Global delivery of security initiatives ensuring harmonization across regions.
    • Security liaison for DevSecOps project.
    • Support internal and external audits for compliance and regulators.
    • Steer and represent security committees for CSF & KRI reviews. Coordination with Committees for necessary direction and approvals, preparation and presentation of relevant agenda.
    • Responsible for global security services delivery for the line of business including: SAST, DAST, IAST, RASP, SCA, PT and Risk Management.
    • Delivering new security technology approaches and implementing next generation solutions. Conducting POCs and supporting tool qualification with ROI analysis.
    • Participating in IT security budgeting and communicating this to the appropriate parties.
    • Tracking latest IT security innovations and keeping abreast of latest cyber security technologies.
    • Development of RefCards to standardize security for technology stacks.
    • Key Deliverables: Application security, Team management, Vendor management, Audits, Risk management, Automation

    • Perform manual and automated security-focused code reviews.
    • Support and consult with product and development teams in the area of application security, including threat modeling and appsec reviews.
    • Assist teams in reproducing, triaging, and addressing application security vulnerabilities.
    • Participate and assist in initiatives to holistically address multiple vulnerabilities found in a functional area.
    • Drive highly complex application security reviews and threat modeling. Provide expert guidance and direction for other team members when they encounter challenges in their security reviews. Own documentation and procedures surrounding application security reviews as well as lead by example for what successful application security reviews look like.
    • Drive initiatives which scale application security and holistically address multiple vulnerabilities.
    • Drive the business value relation of metrics calculations for the Application Security program.
    • Working closely with our development team to create an automated continuous integration (CI) and continuous delivery (CD) system.
    • Mobile application assessment. Android and iOS apps.
    • Working on ways to automate and improve development and release processes.
    • Key Deliverables: Secure Code Review, Penetration Testing, DevSecOps, CI/CD, Mobile Security Testing, Threat Modelling

    • Implementing and managing defined security KPI aligning to ISO 27001.
    • Analyzing various security events and logs for infection or intrusion.
    • Experience with McAfee ePO SIEM suite.
    • Log Management using Loglogic.
    • Network and Infrastructure security assessment.
    • Server and Network management.
    • Working on cipher/cryptographic implementation for High Security Module (HSM) for smart cards.
    • Key Deliverables: Infrastructure security, ISO27001, Network Security, Server Administration, SOC Monitoring, Cryptographic Modules

    • Vulnerability Management through QualysGuard.
    • Threat management using Symantec MSS.
    • Experience with Sungard LDRPS & BCM.
    • Developing and documenting Business Continuity Plan.
    • Coordination for maintenance & update, exercise and review of policies & procedures.
    • Disaster recovery planning & review.
    • BIA & recommending recovery strategies and options.
    • Key Deliverables: Business Continuity, Disaster Recovery, Vulnerability Management, Threat Management, Security Process, Business Impact Analysis

    • Worked at Symantec with their enterprise security product critical system protection for policy design.
    • Web application security aligned to OWASP and SANS.
    • Worked closely with various clients for providing security assessment.
    • Worked with Symantec host intrusion prevention system (HIPS).
    • Worked on intrusion detection system.
    • Experience with forensics tools (FTK & EnCase).
    • Worked extensively with VMware ESX, RHEL, SLES, SOLARIS & Windows server.
    • Key Deliverables: IDS/IPS, Forensics, Security Assessment, Firewall, Server Management, OWASP

    Member of a highly motivated team of PhD scholars working on the project “Global seismic monitoring” at the advanced computational seismology lab at IIT-KGP, sponsored by the Department of Earth Science, New Delhi. Simultaneously worked on GRID computing technology to enable parallel processing of the vast data collected by the 3-D simulation of various seismic activities using Globus toolkit. Worked on their web development and administration.

    Tools and Technologies

    • Secure code review | SAST – Fortify, Coverity, Checkmarx, Veracode
    • Dynamic application security testing | DAST – AppSpider, WebInspect, Qualys, Acunetix, Veracode, BurpSuite, Postman
    • IAST/RASP – Contrast
    • Container Security – Aquasec, Clair
    • Software Composition - XRay, BlackDuck, Dependency Check
    • Network scanner – Nessus, Nexpose, Nmap, Qualys, Wireshark, Metasploit
    • Business Continuity Management – LDRPS
    • Threat Management – Symantec MSS
    • IDS/IPS - Symantec critical system protection, Snort
    • GRC – ServiceNow GRC, Archer
    • Endpoint protection & Log management – McAfee ePO, Loglogic, Cortex, Sophos, ELK, Splunk
    • DevOps – Bitbucket, Jenkins, Docker, Artifactory
    • Third Party assessment - Archer, SIG
    • Scripting – Bash, PowerShell, Macros, Python
    • Correlation & Visualization – ThreadFix, ELK, Tableau, MS PowerBI
    • Compliance & Frameworks – NIST, ISO, PCI DSS, CIS, GDPR, HIPAA, SOX, OWASP, IEC, STIG
    • Threat Modelling - MS TAM, IriusRisk
    • Methodology - Agile, Scrum
    • Firewall - Fortinet, Untangle