MAHADEV PRASAD NANDA

Cybersecurity Leader

Summary

Results-driven cybersecurity professional with 16 years of experience leading security operations teams and managing large-scale security infrastructures. Specializing in designing and optimizing SOC processes, driving effective incident response strategies, and implementing proactive defense solutions. Demonstrated success in leading cross-functional teams, managing high-impact security incidents, and aligning security operations with organizational objectives. Extensive hands-on expertise in incident response, threat detection, threat hunting, threat intelligence, WAF, API security, anti-DDoS, DFIR, and bot management solutions.

Overview

17 years of professional experience
4 years of post-secondary education

Work History

Information Security Manager

PayPal PTE. Ltd.
02.2018 - Current
  • Incident Response Leadership: Directed complex cyber incident investigations, ensuring rapid containment, eradication, and recovery while minimizing business disruption. Led root cause analysis (RCA) and post-incident reporting.
  • Advanced Threat Detection & Hunting: Designed and optimized SIEM use cases, automated alerts, and MITRE ATT&CK-based detection frameworks to enhance threat visibility. Led proactive threat hunting initiatives using behavioral analytics.
  • Forensic & Malware Analysis: Conducted host and network forensics, including Windows log analysis, memory forensics, and network traffic inspection. Investigated attack vectors and adversary TTPs for malware analysis.
  • Security Operations & SIEM Engineering: Managed and fine-tuned EDR, XDR, IDS/IPS, and SOAR solutions to improve real-time threat detection and response. Developed automated playbooks to enrich intelligence, streamline triage, and reduce false positives.
  • Cloud Security Incident Response: Led response efforts for security incidents in AWS, Azure, and Google Cloud. Strengthened API security posture and implemented DDoS mitigation strategies for cloud applications.
  • Threat Intelligence & Risk Assessment: Monitored threat intelligence feeds, OSINT sources, and dark web activity to identify emerging threats. Mapped and assessed risks using MITRE ATT&CK, aiding in strategic defense initiatives.
  • Security Tools & Infrastructure Protection: Managed a diverse security stack, including WAFs, DDoS protection, IAM, email security, firewalls, EDR, antivirus, SOAR, and bot mitigation solutions. Led real-time Layer 7 attack detection and mitigation.
  • Process Development & Optimization: Developed and enhanced operational workflows for security incident tracking, escalation, and remediation, improving response efficiency and effectiveness.
  • Leadership & Mentorship: Trained and guided junior analysts, fostering a high-performance incident response team with continuous skill development.
  • Executive Communication & Reporting: Authored detailed technical reports and executive briefings on cyber incidents, vulnerabilities, and remediation strategies, enabling data-driven security decisions.


DFIR & Incident Response

  • Led Cyber Security Defense Center’s incident response operations, ensuring rapid containment and recovery.
  • Managed end-to-end IR processes, including RCA, security log analysis, and forensic investigations.
  • Expertise in SIEM, memory/network forensics, and forensic artifacts (Event Logs, Prefetch, Amcache, etc.).
  • Hands-on experience with IAM, data security, application security, and network security threats.
  • Maintained incident tracking systems, generated reports, and collaborated with internal stakeholders.
  • Managed enterprise security tools: WAF, DDoS protection, EDR, firewalls, SOAR, and rate limiters.
  • Conducted vulnerability validation (HackerOne) and real-time Layer 7 DDoS mitigation.
  • Architected API security controls, DDoS defense strategies, and edge security solutions.


Threat Intelligence

  • Conducted threat intelligence, hunting, and profiling to detect adversary TTPs and attack patterns.
  • Mapped threats using MITRE ATT&CK, analyzing IOCs to strengthen security defenses.
  • Monitored OSINT sources, threat feeds, and dark web activity to identify emerging risks.
  • Developed cyber threat models and risk assessments to inform defensive strategies.


Threat Detection

  • Developed SIEM use cases, detection rules, and automated alerts to identify advanced threats.
  • Fine-tuned EDR, XDR, IDS/IPS, and SOAR to enhance real-time detection and response.
  • Designed MITRE ATT&CK-based detection frameworks and proactive threat-hunting strategies.
  • Automated SOAR workflows for rapid incident response, reducing false positives.
  • Conducted malware analysis and investigated adversary TTPs for enhanced threat visibility.
  • Led detection engineering, optimizing security tools, alerts, and correlation rules in Splunk.

Lead Security Consultant

NCS Pte. Ltd.
07.2016 - 02.2018
  • Cyber security consultant for banking, transport, enterprise, retail, trading, and food chain organizations
  • SIRT: plan and execute containment, eradication, and mitigation actions; cyber security incident investigations
  • Investigating network intrusions and cyber security breaches to determine the cause and extent of the breach; network and host forensics analysis (DFIR)
  • Investigate and analyze security threats at customers' premises, using established cyber security assessment methodologies
  • Assisting L1 and L2 teams in monitoring information security alerts through SIEM (ArcSight) to respond, triage, and escalate as needed
  • Analyze and investigate Intrusion Detection System events and intelligence reports from external vendors
  • Analyzing malware samples, extracting C&C indicators, and assessing the depth of impact in the environment
  • Submitting malware samples to the AV vendor for immediate coverage
  • Performing malware analysis (static reverse engineering) by recreating the incident on a lab machine (hands-on with ransomware and phishing)
  • Correlate findings with SOC Analysts and propose follow-ups to eliminate or mitigate the threats
  • Fraudulent activity detection and Credential validation attacks
  • Analyzing phishing emails and attachments, taking appropriate remediation steps as required, and submitting the samples to e-mail monitoring vendors for signature updates
  • Register the findings comprehensively in proper client reports and SOC systems
  • Enhancing ASOC Threat Detection Capabilities
  • Risk assessment and audit of customer environment, with remediation
  • Vulnerability Assessment report review, scan assessment on customer environment
  • Threat intelligence service along with security advisories on cyber threats
  • Technical reviews of customer environment to propose solutions
  • Threat hunting using available logs
  • Pre and post assessment of security products for customers
  • Playbook Development and Enhancement, Managed Endpoint Threat Response
  • Enhancing SOC Security Monitoring Triage Quality
  • Familiar with Cyber kill chain process
  • Defining SOP, enhancing use cases for customers, building new cases and enhancing existing detection patterns

SME - Global Cyber Security Operations

Wipro Limited (CITI Bank)
01.2011 - 07.2016
  • Acted as the Single Point of Contact (SPOC) for vendor relationships and client engagement in security projects
  • Managed and configured perimeter security operations for devices like CheckPoint, Juniper, Palo Alto, Cisco firewalls, Bluecoat proxies, and Juniper SSL VPNs
  • Coordinated with security vendors for Return Material Authorizations (RMA) and ensured smooth operations
  • Conducted log analysis using security monitoring tools such as Arbor PeakFlow, SourceFire, Palo Alto Networks, Arcsight Logger, and Proofpoint in Unix and Windows environments
  • Led global security projects, overseeing security standards across regions and collaborating with engineering teams to improve security infrastructure
  • Handled daily change management and client requests related to firewalls and proxies, including configuring access lists, NAT, rules, and VPN setups
  • Led incident response, risk management discussions with clients, and approved critical security changes
  • Conducted security event reviews, risk assessments, and MAS audits
  • Managed a global security team, addressing day-to-day operations and critical incidents
  • Performed global SOC monitoring, research, and analysis on IDS/IPS events, firewall, proxy, VPN, and McAfee logs
  • Detected anomalies and analyzed packet-level data, firewall, and proxy logs to identify potential threats
  • Reviewed logs from security tools like Arbor PeakFlow, Palo Alto Networks, ForeScout, Arcsight Logger, McAfee, and Damballa in Unix and Windows environments
  • Identified system vulnerabilities and implemented countermeasures based on industry standards
  • Provided evidence of corporate policy violations and worked with the Incident Management Team on escalation processes
  • Experienced in security incident response, escalation, and mitigation, including DDoS attacks, virus outbreaks, phishing incidents, and illegitimate email distribution
  • Detected fraudulent activities, suspicious behavior, and proxy log anomalies, using threat correlation techniques
  • Monitored violations, recommending SIRT actions for authentication failures and system changes across various platforms (Wintel, UNIX, SQL, Oracle, network/VPN devices)
  • Tracked security violations and breaches through daily audit logs in Arcsight, ensuring timely resolution with business teams

Security Analyst

ITC Infotech India Limited
12.2009 - 01.2011
  • Monitor and analyze security events from various sources (SIEM tools, IDS/IPS, firewalls, etc.) to detect threats and vulnerabilities
  • Investigate, analyze, and respond to security incidents, such as malware infections, unauthorized access, phishing attacks, DDoS, and data breaches
  • Escalate critical security incidents to higher management and relevant teams when necessary
  • Provide detailed incident reports and root cause analysis to ensure timely remediation and future prevention
  • Collaborate with IT and DevOps teams to prioritize and implement remediation strategies
  • Configure, tune, and maintain SIEM platforms (QRadar, Arcsight) to enhance threat detection capabilities
  • Develop custom correlation rules, filters, and dashboards to improve real-time security event monitoring
  • Ensure that SIEM tools are properly integrated with other security tools and data sources for full visibility
  • Configure, monitor, and troubleshoot firewalls, intrusion detection/prevention systems (IDS/IPS), and VPNs
  • Implement and audit firewall policies, access control lists (ACLs), and network segmentation strategies to enforce least privilege and reduce attack surfaces
  • Generate daily, weekly, and monthly security reports, highlighting key security incidents, trends, and metrics for management and stakeholders
  • Maintain comprehensive documentation for security incident response procedures, policies, and post-incident analysis
  • Work closely with IT, DevOps, network engineering, and risk management teams to ensure security measures are effectively implemented
  • Support internal and external security audits by providing relevant documentation and evidence of SOC activities
  • Ensure that SOC operations are in compliance with relevant security policies, industry standards, and regulatory requirements

SOC Security Analyst

Paladion Networks
04.2008 - 12.2009
  • Monitored and analyzed security events across networks and systems using SIEM tools (e.g., Arcsight, Splunk, QRadar) to detect potential threats and incidents
  • Conducted real-time security monitoring for Firewalls, IDS/IPS, Windows/Unix servers, and VPNs, responding promptly to alarms and alerts
  • Investigated and mitigated security incidents such as malware infections, unauthorized access, and DDoS attacks to minimize operational impacts
  • Performed log analysis to identify suspicious activity, leading to the timely resolution of security vulnerabilities and incidents
  • Developed and maintained security dashboards in SIEM tools, providing real-time visibility into network traffic and security event trends
  • Created detailed security reports and advisories, including daily, weekly, and monthly incident summaries for stakeholders
  • Administered and configured security devices, including firewalls, intrusion detection/prevention systems (IDS/IPS), and VPNs
  • Conducted vulnerability assessments and penetration testing on critical systems, providing remediation strategies for identified risks
  • Collaborated with cross-functional teams to implement firewall policies, access control lists (ACLs), and network segmentation to enhance security posture
  • Managed phishing detection, investigation, and takedown efforts, coordinating with ISPs and external stakeholders
  • Responded to security incidents using established incident response protocols and escalated critical issues to relevant teams
  • Performed threat hunting and advanced malware analysis to detect sophisticated cyberattacks and minimize dwell time
  • Provided training and support to junior SOC analysts on incident detection and response best practices
  • Implemented and optimized SIEM tools, fine-tuning correlation rules, filters, and thresholds for enhanced detection capabilities

Education

B.TECH - Electrical Engineering

Biju Patnaik University Of Technology
India
01.2003 - 01.2007

Skills

  • Incident Response Management
  • Threat Detection & Analysis
  • Security Product & Endpoint Management
  • SIEM Optimization & Threat Hunting
  • Cybersecurity Strategy & Architecture
  • Firewall & Network Security
  • Digital Forensics (DFIR)
  • Application & Cloud Security

Training

  • HITB GSEC - Network Data Exfiltration Techniques
  • Bluecoat ProxySG Administrator - TR-BCCPA
  • Palo Alto Networks: Firewall Installation and Management
