MAHADEV PRASAD NANDA

Cybersecurity Leader

Summary

Dynamic and results-driven Cybersecurity Professional with over 16 years of experience leading security operations teams and managing large-scale security infrastructures. Specialized in designing and optimizing SOC processes, driving effective incident response strategies, and implementing proactive defence solutions. Proven track record of leading cross-functional teams, managing high-impact security incidents, and aligning security operations with organizational objectives. Experience and hands-on expertise in incident response, threat detection, threat hunting, threat intel, WAF, API security, anti-DDoS, DFIR and bot management solutions.

Overview

  • 17 years of professional experience
  • 4 years of post-secondary education
  • 10 certifications

Work History

Cybersecurity Manager

PayPal PTE. Ltd.
02.2018 - Current
  • Lead incident response operations within the Cyber Security Defense Center
  • Manage end-to-end incident response processes, including root cause analysis (RCA)
  • Manage teams across multiple geographic locations
  • Proficient in SIEM tools; analyze and guide the team in investigating threats, artifacts, and logs from various security tools
  • Good understanding of MITRE ATT&CK techniques, malware behavior, and persistence
  • Oversee the security of systems, networks, applications, and data assets
  • Good knowledge of DFIR investigations and tools
  • Maintain and manage the incident response tracking system, generating reports for internal stakeholders and management as needed
  • Extensive experience in handling security issues across IAM, data security, application security, network security, and internal threats
  • Proficient with a wide range of security tools within the PP infrastructure, including WAF, DDoS protection, email security, firewalls, IAM, EDR, antivirus solutions, SOAR platforms, and rate limiter devices
  • Validate, investigate, and mitigate application security vulnerabilities reported by external researchers on HackerOne
  • Conduct real-time Layer 7 attack detection and mitigation through the configuration of rate limiting thresholds and pattern-based policies to secure PP applications
  • Deep understanding of tools and processes for security incident detection and response; conduct security product evaluations and assessments for rollout
  • Collaborate with second-line InfoSec, audit teams, architecture, infrastructure, engineering, and product development teams for projects, processes, and incident management
  • Propose new components and techniques for proactive threat detection and prevention
  • Identify, notify, and respond to security threats, escalating to management and relevant teams as necessary
  • Recommend configuration changes to enhance the performance, usability, and value of threat analysis tools
  • Engage in security engineering tasks, including configuring new alerts, fine-tuning false positives, and testing new security products
  • Conduct threat intelligence and threat hunting using existing security mechanisms while developing innovative approaches
  • Monitor global security events, analyze network traffic and logs to assess potential threats, recommend countermeasures, and evaluate potential damage to target infrastructure
  • Static malware analysis, proof-of-concept (POC) evaluations of tools, and custom detection rules (including regex-based rules) developed on a case-by-case basis
  • Highly skilled in SIEM tools such as Splunk
  • Lead end-to-end edge security solutions globally for PayPal
  • Conduct periodic DDoS assessments on PayPal systems and business units (load creation, traffic generation)
  • Strengthen API security posture and implement necessary controls
  • Familiar with cloud security and cloud security platforms
  • Architect application security and DDoS mitigation strategies
  • Evaluate and deploy edge security products, including WAFs, anti-DDoS solutions, and bot management tools
  • In-depth knowledge of DDoS attack techniques and mitigation strategies
  • Expertise in OWASP risks, vulnerabilities, and mitigation techniques
  • Hands-on experience with managing web application firewalls and configuring security rules
  • Focus on developing leadership and collaboration skills within the team
  • Drive team growth by enhancing technical expertise and actively participating in performance processes
  • Continuously build and expand a support network by fostering relationships across internal organizations

Lead Security Consultant

NCS Pte. Ltd.
07.2016 - 02.2018
  • Cyber security consultant for banking, transport, enterprise, retail, trading, and food chain organizations
  • SIRT: plan and execute containment, eradication, and mitigation actions; conduct cyber security incident investigations
  • Investigate network intrusions and cyber security breaches to determine the cause and extent of the breach, including network and host forensics analysis (DFIR)
  • Investigate and analyze security threats at customers' premises, using established cyber security assessment methodologies
  • Assist L1 and L2 teams in monitoring information security alerts through SIEM (ArcSight) to respond, triage, and escalate as needed
  • Analyze and investigate Intrusion Detection System events and intelligence reports from external vendors
  • Analyze malware samples, extract C&C indicators, and assess the depth of impact in the environment
  • Submit malware samples to the AV vendor for immediate coverage
  • Perform malware analysis (static reverse engineering) by recreating the incident on a lab machine (hands-on with ransomware and phishing)
  • Correlate findings with SOC analysts and propose follow-ups to eliminate or mitigate the threats
  • Detect fraudulent activity and credential validation attacks
  • Analyze phishing emails and attachments, take appropriate remediation steps, and submit samples to email monitoring vendors for signature updates
  • Register findings comprehensively in client reports and SOC systems
  • Enhance ASOC threat detection capabilities
  • Risk assessment, audit of customer environments, and remediation
  • Vulnerability assessment report review and scan assessment of customer environments
  • Threat intelligence service along with security advisories on cyber threats
  • Technical reviews of customer environments to provide solutions
  • Threat hunting using available logs
  • Pre- and post-assessment of security products for customers
  • Playbook development and enhancement; managed endpoint threat response
  • Enhance SOC security monitoring triage quality
  • Familiar with the Cyber Kill Chain process
  • Define SOPs, enhance use cases for customers, build new cases, and enhance existing detection patterns

SME - Global Cyber Security Operations

Wipro Limited (CITI Bank)
01.2011 - 07.2016
  • Acted as the Single Point of Contact (SPOC) for vendor relationships and client engagement in security projects
  • Managed and configured perimeter security operations for devices like CheckPoint, Juniper, Palo Alto, Cisco firewalls, Bluecoat proxies, and Juniper SSL VPNs
  • Coordinated with security vendors for Return Material Authorizations (RMA) and ensured smooth operations
  • Conducted log analysis using security monitoring tools such as Arbor PeakFlow, SourceFire, Palo Alto Networks, Arcsight Logger, and Proofpoint in Unix and Windows environments
  • Led global security projects, overseeing security standards across regions and collaborating with engineering teams to improve security infrastructure
  • Handled daily change management and client requests related to firewalls and proxies, including configuring access lists, NAT, rules, and VPN setups
  • Led incident response, risk management discussions with clients, and approved critical security changes
  • Conducted security event reviews, risk assessments, and MAS audits
  • Managed a global security team, addressing day-to-day operations and critical incidents
  • Performed global SOC monitoring, research, and analysis on IDS/IPS events, firewall, proxy, VPN, and McAfee logs
  • Detected anomalies and analyzed packet-level data, firewall, and proxy logs to identify potential threats
  • Reviewed logs from security tools like Arbor PeakFlow, Palo Alto Networks, ForeScout, Arcsight Logger, McAfee, and Damballa in Unix and Windows environments
  • Identified system vulnerabilities and implemented countermeasures based on industry standards
  • Provided evidence of corporate policy violations and worked with the Incident Management Team on escalation processes
  • Experienced in security incident response, escalation, and mitigation, including DDoS attacks, virus outbreaks, phishing incidents, and illegitimate email distribution
  • Detected fraudulent activities, suspicious behavior, and proxy log anomalies, using threat correlation techniques
  • Monitored violations, recommending SIRT actions for authentication failures and system changes across various platforms (Wintel, UNIX, SQL, Oracle, network/VPN devices)
  • Tracked security violations and breaches through daily audit logs in Arcsight, ensuring timely resolution with business teams

Security Analyst

ITC Infotech India Limited
12.2009 - 01.2011
  • Monitor and analyze security events from various sources (SIEM tools, IDS/IPS, firewalls, etc.) to detect threats and vulnerabilities
  • Investigate, analyze, and respond to security incidents, such as malware infections, unauthorized access, phishing attacks, DDoS, and data breaches
  • Escalate critical security incidents to higher management and relevant teams when necessary
  • Provide detailed incident reports and root cause analysis to ensure timely remediation and future prevention
  • Collaborate with IT and DevOps teams to prioritize and implement remediation strategies
  • Configure, tune, and maintain SIEM platforms (QRadar, Arcsight) to enhance threat detection capabilities
  • Develop custom correlation rules, filters, and dashboards to improve real-time security event monitoring
  • Ensure that SIEM tools are properly integrated with other security tools and data sources for full visibility
  • Configure, monitor, and troubleshoot firewalls, intrusion detection/prevention systems (IDS/IPS), and VPNs
  • Implement and audit firewall policies, access control lists (ACLs), and network segmentation strategies to enforce least privilege and reduce attack surfaces
  • Generate daily, weekly, and monthly security reports, highlighting key security incidents, trends, and metrics for management and stakeholders
  • Maintain comprehensive documentation for security incident response procedures, policies, and post-incident analysis
  • Work closely with IT, DevOps, network engineering, and risk management teams to ensure security measures are effectively implemented
  • Support internal and external security audits by providing relevant documentation and evidence of SOC activities
  • Ensure that SOC operations are in compliance with relevant security policies, industry standards, and regulatory requirements

SOC Security Analyst

Paladion Networks
04.2008 - 12.2009
  • Monitored and analyzed security events across networks and systems using SIEM tools (e.g., Arcsight, Splunk, QRadar) to detect potential threats and incidents
  • Conducted real-time security monitoring for Firewalls, IDS/IPS, Windows/Unix servers, and VPNs, responding promptly to alarms and alerts
  • Investigated and mitigated security incidents such as malware infections, unauthorized access, and DDoS attacks to minimize operational impacts
  • Performed log analysis to identify suspicious activity, leading to the timely resolution of security vulnerabilities and incidents
  • Developed and maintained security dashboards in SIEM tools, providing real-time visibility into network traffic and security event trends
  • Created detailed security reports and advisories, including daily, weekly, and monthly incident summaries for stakeholders
  • Administered and configured security devices, including firewalls, intrusion detection/prevention systems (IDS/IPS), and VPNs
  • Conducted vulnerability assessments and penetration testing on critical systems, providing remediation strategies for identified risks
  • Collaborated with cross-functional teams to implement firewall policies, access control lists (ACLs), and network segmentation to enhance security posture
  • Managed phishing detection, investigation, and takedown efforts, coordinating with ISPs and external stakeholders
  • Responded to security incidents using established incident response protocols and escalated critical issues to relevant teams
  • Performed threat hunting and advanced malware analysis to detect sophisticated cyberattacks and minimize dwell time
  • Provided training and support to junior SOC analysts on incident detection and response best practices
  • Implemented and optimized SIEM tools, fine-tuning correlation rules, filters, and thresholds for enhanced detection capabilities

Education

B.TECH - Electrical Engineering

Biju Patnaik University Of Technology
Odisha, India
01.2003 - 01.2007

Skills

Incident Response & Digital Forensics (SOC Management, Threat Hunting, Malware Analysis, DFIR)

Certification

CISM certified

Training

  • HITB GSEC - Network Data Exfiltration Techniques
  • Bluecoat ProxySG Administrator - TR-BCCPA
  • Palo Alto Networks: Firewall Installation and Management

Timeline

Cybersecurity Manager

PayPal PTE. Ltd.
02.2018 - Current

Lead Security Consultant

NCS Pte. Ltd.
07.2016 - 02.2018

SME - Global Cyber Security Operations

Wipro Limited (CITI Bank)
01.2011 - 07.2016

Security Analyst

ITC Infotech India Limited
12.2009 - 01.2011

SOC Security Analyst

Paladion Networks
04.2008 - 12.2009

B.TECH - Electrical Engineering

Biju Patnaik University Of Technology
01.2003 - 01.2007