MAHADEV PRASAD NANDA
Cybersecurity Leader
Summary
Dynamic and results-driven Cybersecurity Professional with over 16 years of experience leading security operations teams and managing large-scale security infrastructures. Specialized in designing and optimizing SOC processes, driving effective incident response strategies, and implementing proactive defence solutions. Proven track record of leading cross-functional teams, managing high-impact security incidents, and aligning security operations with organizational objectives. Experience and hands-on expertise in incident response, threat detection, threat hunting, threat intel, WAF, API security, anti-DDoS, DFIR and bot management solutions.
Overview
17
17
years of professional experience
4
4
years of post-secondary education
10
10
Certifications
Work History
Cybersecurity Manager
PayPal PTE. Ltd.
02.2018 - Current
- Leading incident response operations within the Cyber Security Defense Center
- Manage end-to-end incident response processes, including root cause analysis (RCA).
- Managing teams across multiple geo locations
- Proficient in SIEM tool to analyze and guide team to investigate threats , artifacts and logs from various security tools
- Good understanding of MITRE ATT&CK techniques , malware behavior & persistence
- Oversee the security of systems, networks, applications, and data assets
- Good knowledge in DFIR investigations & tools
- Maintain and manage the incident response tracking system, generating reports for internal stakeholders and management as needed
- Extensive experience in handling security issues across IAM, data security, application security, network security, and internal threats
- Proficient with a wide range of security tools within the PP infrastructure, including WAF, DDoS protection, email security, firewalls, IAM, EDR, antivirus solutions, SOAR platforms, and rate limiter devices
- Validate, investigate, and mitigate application security vulnerabilities reported by external researchers on HackerOne
- Conduct real-time Layer 7 attack detection and mitigation through the configuration of rate limiting thresholds and pattern-based policies to secure PP applications
- Deep understanding of tools and processes for security incident detection and response; conduct security product evaluations and assessments for rollout
- Collaborate with second-line InfoSec, audit teams, architecture, infrastructure, engineering, and product development teams for projects, processes, and incident management
- Propose new components and techniques for proactive threat detection and prevention
- Identify, notify, and respond to security threats, escalating to management and relevant teams as necessary
- Recommend configuration changes to enhance the performance, usability, and value of threat analysis tools
- Engage in security engineering tasks, including configuring new alerts, fine-tuning false positives, and testing new security products
- Conduct threat intelligence and threat hunting using existing security mechanisms while developing innovative approaches
- Monitor global security events, analyze network traffic and logs to assess potential threats, recommend countermeasures, and evaluate potential damage to target infrastructure
- Static malware analysis, POC of tools , custom rules , regex custom rules case to case basis, tools to mention
- Highly skilled in SIEM tools such as Splunk
- Lead end-to-end edge security solutions globally for PayPal
- Conduct periodic DDoS assessments on PayPal systems and BU(load creation , traffic generation)
- Strengthen API security posture and implement necessary controls
- Familiar with cloud security & cloud security platforms
- Architect application security and DDoS mitigation strategies
- Evaluate and deploy edge security products, including WAFs, anti-DDoS solutions, and bot management tools
- In-depth knowledge of DDoS attack techniques and mitigation strategies
- Expertise in OWASP risks, vulnerabilities, and mitigation techniques
- Hands-on experience with managing web application firewalls and configuring security rules
- Focus on developing leadership and collaboration skills within the team
- Drive team growth by enhancing technical expertise and actively participating in performance processes
- Continuously build and expand a support network by fostering relationships across internal organizations
Lead Security Consultant
NCS Pte. Ltd.
07.2016 - 02.2018
- Cyber security consultant for Banking, Transport, Enterprise, Retail, Trading, Food chain organizations
- SIRT - Plan and execute containment, eradication actions and mitigation, Cyber Security Incident Investigations
- Investigating network intrusions and cyber security breaches to determine the cause and extent of the breach, network & host forensics analysis (DFIR)
- Investigate and analyze security threats at customers' premises, using established cyber security assessment methodologies
- Assisting L1 and L2 Teams in monitoring information security alerts through SIEM (Arcsight) to respond, triage, and escalate as needed
- Analyze and Investigate on Intrusion Detection System events and intelligence reports from External Vendors
- Analyzing malware samples and extract C&C and assess the depth of impact in the environment
- Submitting the malware samples to AV vendor for immediate coverage
- Performing malware analysis (static reverse engineering) by recreating the incident on the lab machine (Hands on in Ransomware, Phishing)
- Correlate findings with SOC Analysts and propose follow-ups to eliminate or mitigate the threats
- Fraudulent activity detection and Credential validation attacks
- Analyzing phishing emails and attachments and taking appropriate remediation steps as required and also submit the samples to E-mail monitoring vendors for their signature update
- Register the findings comprehensively in proper client reports and SOC systems
- Enhancing ASOC Threat Detection Capabilities
- Risk assessment, audit of customer environment and remedy
- Vulnerability Assessment report review, scan assessment on customer environment
- Threat intelligence service along with security advisories on cyber threats
- Technical reviews on customer environment to provide solution
- Threat hunting using available logs
- Pre and post assessment of security products for customers
- Playbook Development and Enhancement, Managed Endpoint Threat Response
- Enhancing SOC Security Monitoring Triage Quality
- Familiar with Cyber kill chain process
- Defining SOP, enhancing use cases for customers, building new cases and enhancing existing detection patterns
SME - Global Cyber Security Operations
Wipro Limited (CITI Bank)
01.2011 - 07.2016
- Acted as the Single Point of Contact (SPOC) for vendor relationships and client engagement in security projects
- Managed and configured perimeter security operations for devices like CheckPoint, Juniper, Palo Alto, Cisco firewalls, Bluecoat proxies, and Juniper SSL VPNs
- Coordinated with security vendors for Return Material Authorizations (RMA) and ensured smooth operations
- Conducted log analysis using security monitoring tools such as Arbor PeakFlow, SourceFire, Palo Alto Networks, Arcsight Logger, and Proofpoint in Unix and Windows environments
- Led global security projects, overseeing security standards across regions and collaborating with engineering teams to improve security infrastructure
- Handled daily change management and client requests related to firewalls and proxies, including configuring access lists, NAT, rules, and VPN setups
- Led incident response, risk management discussions with clients, and approved critical security changes
- Conducted security event reviews, risk assessments, and MAS audits
- Managed a global security team, addressing day-to-day operations and critical incidents
- Performed global SOC monitoring, research, and analysis on IDS/IPS events, firewall, proxy, VPN, and McAfee logs
- Detected anomalies and analyzed packet-level data, firewall, and proxy logs to identify potential threats
- Reviewed logs from security tools like Arbor PeakFlow, Palo Alto Networks, ForeScout, Arcsight Logger, McAfee, and Damballa in Unix and Windows environments
- Identified system vulnerabilities and implemented countermeasures based on industry standards
- Provided evidence of corporate policy violations and worked with the Incident Management Team on escalation processes
- Experienced in security incident response, escalation, and mitigation, including DDoS attacks, virus outbreaks, phishing incidents, and illegitimate email distribution
- Detected fraudulent activities, suspicious behavior, and proxy log anomalies, using threat correlation techniques
- Monitored violations, recommending SIRT actions for authentication failures and system changes across various platforms (Wintel, UNIX, SQL, Oracle, network/VPN devices)
- Tracked security violations and breaches through daily audit logs in Arcsight, ensuring timely resolution with business teams
Security Analyst
ITC Infotech India Limited
12.2009 - 01.2011
- Monitor and analyze security events from various sources (SIEM tools, IDS/IPS, firewalls, etc.) to detect threats and vulnerabilities
- Investigate, analyze, and respond to security incidents, such as malware infections, unauthorized access, phishing attacks, DDoS, and data breaches
- Escalate critical security incidents to higher management and relevant teams when necessary
- Provide detailed incident reports and root cause analysis to ensure timely remediation and future prevention
- Collaborate with IT and DevOps teams to prioritize and implement remediation strategies
- Configure, tune, and maintain SIEM platforms (QRadar, Arcsight) to enhance threat detection capabilities
- Develop custom correlation rules, filters, and dashboards to improve real-time security event monitoring
- Ensure that SIEM tools are properly integrated with other security tools and data sources for full visibility
- Configure, monitor, and troubleshoot firewalls, intrusion detection/prevention systems (IDS/IPS), and VPNs
- Implement and audit firewall policies, access control lists (ACLs), and network segmentation strategies to enforce least privilege and reduce attack surfaces
- Generate daily, weekly, and monthly security reports, highlighting key security incidents, trends, and metrics for management and stakeholders
- Maintain comprehensive documentation for security incident response procedures, policies, and post-incident analysis
- Work closely with IT, DevOps, network engineering, and risk management teams to ensure security measures are effectively implemented
- Support internal and external security audits by providing relevant documentation and evidence of SOC activities
- Ensure that SOC operations are in compliance with relevant security policies, industry standards, and regulatory requirements
SOC Security Analyst
Paladion Networks
04.2008 - 12.2009
- Monitored and analyzed security events across networks and systems using SIEM tools (e.g., Arcsight, Splunk, QRadar) to detect potential threats and incidents
- Conducted real-time security monitoring for Firewalls, IDS/IPS, Windows/Unix servers, and VPNs, responding promptly to alarms and alerts
- Investigated and mitigated security incidents such as malware infections, unauthorized access, and DDoS attacks to minimize operational impacts
- Performed log analysis to identify suspicious activity, leading to the timely resolution of security vulnerabilities and incidents
- Developed and maintained security dashboards in SIEM tools, providing real-time visibility into network traffic and security event trends
- Created detailed security reports and advisories, including daily, weekly, and monthly incident summaries for stakeholders
- Administered and configured security devices, including firewalls, intrusion detection/prevention systems (IDS/IPS), and VPNs
- Conducted vulnerability assessments and penetration testing on critical systems, providing remediation strategies for identified risks
- Collaborated with cross-functional teams to implement firewall policies, access control lists (ACLs), and network segmentation to enhance security posture
- Managed phishing detection, investigation, and takedown efforts, coordinating with ISPs and external stakeholders
- Responded to security incidents using established incident response protocols and escalated critical issues to relevant teams
- Performed threat hunting and advanced malware analysis to detect sophisticated cyberattacks and minimize dwell time
- Provided training and support to junior SOC analysts on incident detection and response best practices
- Implemented and optimized SIEM tools, fine-tuning correlation rules, filters, and thresholds for enhanced detection capabilities
Education
B.TECH - Electrical Engineering
Biju Patnaik University Of Technology
Odisha, India 01.2003 - 01.2007
Skills
Incident Response & Digital Forensics (SOC Management, Threat Hunting, Malware Analysis, DFIR)
Certification
CISM certified
Training
- HITB GSEC - Network Data Exfiltration Techniques
- Bluecoat ProxySG Administrator - TR-BCCPA
- Palo Alto Networks: Firewall Installation and Management
Timeline
Cybersecurity Manager
PayPal PTE. Ltd.
02.2018 - Current
Lead Security Consultant
NCS Pte. Ltd.
07.2016 - 02.2018
SME - Global Cyber Security Operations
Wipro Limited (CITI Bank)
01.2011 - 07.2016
Security Analyst
ITC Infotech India Limited
12.2009 - 01.2011
SOC Security Analyst
Paladion Networks
04.2008 - 12.2009
B.TECH - Electrical Engineering
Biju Patnaik University Of Technology
01.2003 - 01.2007
Similar Profiles
MAHADEV PRASAD NANDAMAHADEV PRASAD NANDA
Information Security Manager at PayPal PTE. Ltd.Information Security Manager at PayPal PTE. Ltd.
MAHADEV PRASAD NANDAMAHADEV PRASAD NANDA
Information Security Manager at PayPal PTE. Ltd.Information Security Manager at PayPal PTE. Ltd.
Kasaiah MeruvaKasaiah Meruva
Sr. Manager-Software Development at PayPal Pte LtdSr. Manager-Software Development at PayPal Pte Ltd