MAHADEV PRASAD NANDA
Cybersecurity Leader
Summary
Dynamic and results-driven Cybersecurity Professional with over 16 years of experience leading security operations teams and managing large-scale security infrastructures. Specialized in designing and optimizing SOC processes, driving effective incident response strategies, and implementing proactive defence solutions. Proven track record of leading cross-functional teams, managing high-impact security incidents, and aligning security operations with organizational objectives. Experience and hands-on expertise in incident response, threat detection, threat hunting, threat intel, WAF, API security, anti-DDoS, DFIR and bot management solutions.
Overview
17
17
years of professional experience
4
4
years of post-secondary education
10
10
Certifications
Work History
Cybersecurity Manager
PayPal PTE. Ltd.
Singapore
02.2018 - Current
- Leading incident response operations within the Cyber Security Defense Center
- Manage end-to-end incident response processes, including root cause analysis (RCA).
- Managing teams across multiple geo locations
- Proficient in SIEM tool to analyze and guide team to investigate threats , artifacts and logs from various security tools
- Good understanding of MITRE ATT&CK techniques , malware behavior & persistence
- Oversee the security of systems, networks, applications, and data assets
- Good knowledge in DFIR investigations & tools
- Maintain and manage the incident response tracking system, generating reports for internal stakeholders and management as needed
- Extensive experience in handling security issues across IAM, data security, application security, network security, and internal threats
- Proficient with a wide range of security tools within the PP infrastructure, including WAF, DDoS protection, email security, firewalls, IAM, EDR, antivirus solutions, SOAR platforms, and rate limiter devices
- Validate, investigate, and mitigate application security vulnerabilities reported by external researchers on HackerOne
- Conduct real-time Layer 7 attack detection and mitigation through the configuration of rate limiting thresholds and pattern-based policies to secure PP applications
- Deep understanding of tools and processes for security incident detection and response; conduct security product evaluations and assessments for rollout
- Collaborate with second-line InfoSec, audit teams, architecture, infrastructure, engineering, and product development teams for projects, processes, and incident management
- Propose new components and techniques for proactive threat detection and prevention
- Identify, notify, and respond to security threats, escalating to management and relevant teams as necessary
- Recommend configuration changes to enhance the performance, usability, and value of threat analysis tools
- Engage in security engineering tasks, including configuring new alerts, fine-tuning false positives, and testing new security products
- Conduct threat intelligence and threat hunting using existing security mechanisms while developing innovative approaches
- Monitor global security events, analyze network traffic and logs to assess potential threats, recommend countermeasures, and evaluate potential damage to target infrastructure
- Static malware analysis, POC of tools , custom rules , regex custom rules case to case basis, tools to mention
- Highly skilled in SIEM tools such as Splunk
- Lead end-to-end edge security solutions globally for PayPal
- Conduct periodic DDoS assessments on PayPal systems and BU(load creation , traffic generation)
- Strengthen API security posture and implement necessary controls
- Familiar with cloud security & cloud security platforms
- Architect application security and DDoS mitigation strategies
- Evaluate and deploy edge security products, including WAFs, anti-DDoS solutions, and bot management tools
- In-depth knowledge of DDoS attack techniques and mitigation strategies
- Expertise in OWASP risks, vulnerabilities, and mitigation techniques
- Hands-on experience with managing web application firewalls and configuring security rules
- Focus on developing leadership and collaboration skills within the team
- Drive team growth by enhancing technical expertise and actively participating in performance processes
- Continuously build and expand a support network by fostering relationships across internal organizations
Lead Security Consultant
NCS Pte. Ltd.
07.2016 - 02.2018
- Cyber security consultant for Banking, Transport, Enterprise, Retail, Trading, Food chain organizations
- SIRT - Plan and execute containment, eradication actions and mitigation, Cyber Security Incident Investigations
- Investigating network intrusions and cyber security breaches to determine the cause and extent of the breach, network & host forensics analysis (DFIR)
- Investigate and analyze security threats at customers' premises, using established cyber security assessment methodologies
- Assisting L1 and L2 Teams in monitoring information security alerts through SIEM (Arcsight) to respond, triage, and escalate as needed
- Analyze and Investigate on Intrusion Detection System events and intelligence reports from External Vendors
- Analyzing malware samples and extract C&C and assess the depth of impact in the environment
- Submitting the malware samples to AV vendor for immediate coverage
- Performing malware analysis (static reverse engineering) by recreating the incident on the lab machine (Hands on in Ransomware, Phishing)
- Correlate findings with SOC Analysts and propose follow-ups to eliminate or mitigate the threats
- Fraudulent activity detection and Credential validation attacks
- Analyzing phishing emails and attachments and taking appropriate remediation steps as required and also submit the samples to E-mail monitoring vendors for their signature update
- Register the findings comprehensively in proper client reports and SOC systems
- Enhancing ASOC Threat Detection Capabilities
- Risk assessment, audit of customer environment and remedy
- Vulnerability Assessment report review, scan assessment on customer environment
- Threat intelligence service along with security advisories on cyber threats
- Technical reviews on customer environment to provide solution
- Threat hunting using available logs
- Pre and post assessment of security products for customers
- Playbook Development and Enhancement, Managed Endpoint Threat Response
- Enhancing SOC Security Monitoring Triage Quality
- Familiar with Cyber kill chain process
- Defining SOP, enhancing use cases for customers, building new cases and enhancing existing detection patterns
SME - Global Cyber Security Operations
Wipro Limited (CITI Bank)
01.2011 - 07.2016
- Acted as the Single Point of Contact (SPOC) for vendor relationships and client engagement in security projects
- Managed and configured perimeter security operations for devices like CheckPoint, Juniper, Palo Alto, Cisco firewalls, Bluecoat proxies, and Juniper SSL VPNs
- Coordinated with security vendors for Return Material Authorizations (RMA) and ensured smooth operations
- Conducted log analysis using security monitoring tools such as Arbor PeakFlow, SourceFire, Palo Alto Networks, Arcsight Logger, and Proofpoint in Unix and Windows environments
- Led global security projects, overseeing security standards across regions and collaborating with engineering teams to improve security infrastructure
- Handled daily change management and client requests related to firewalls and proxies, including configuring access lists, NAT, rules, and VPN setups
- Led incident response, risk management discussions with clients, and approved critical security changes
- Conducted security event reviews, risk assessments, and MAS audits
- Managed a global security team, addressing day-to-day operations and critical incidents
- Performed global SOC monitoring, research, and analysis on IDS/IPS events, firewall, proxy, VPN, and McAfee logs
- Detected anomalies and analyzed packet-level data, firewall, and proxy logs to identify potential threats
- Reviewed logs from security tools like Arbor PeakFlow, Palo Alto Networks, ForeScout, Arcsight Logger, McAfee, and Damballa in Unix and Windows environments
- Identified system vulnerabilities and implemented countermeasures based on industry standards
- Provided evidence of corporate policy violations and worked with the Incident Management Team on escalation processes
- Experienced in security incident response, escalation, and mitigation, including DDoS attacks, virus outbreaks, phishing incidents, and illegitimate email distribution
- Detected fraudulent activities, suspicious behavior, and proxy log anomalies, using threat correlation techniques
- Monitored violations, recommending SIRT actions for authentication failures and system changes across various platforms (Wintel, UNIX, SQL, Oracle, network/VPN devices)
- Tracked security violations and breaches through daily audit logs in Arcsight, ensuring timely resolution with business teams
Security Analyst
ITC Infotech India Limited
12.2009 - 01.2011
- Monitor and analyze security events from various sources (SIEM tools, IDS/IPS, firewalls, etc.) to detect threats and vulnerabilities
- Investigate, analyze, and respond to security incidents, such as malware infections, unauthorized access, phishing attacks, DDoS, and data breaches
- Escalate critical security incidents to higher management and relevant teams when necessary
- Provide detailed incident reports and root cause analysis to ensure timely remediation and future prevention
- Collaborate with IT and DevOps teams to prioritize and implement remediation strategies
- Configure, tune, and maintain SIEM platforms (QRadar, Arcsight) to enhance threat detection capabilities
- Develop custom correlation rules, filters, and dashboards to improve real-time security event monitoring
- Ensure that SIEM tools are properly integrated with other security tools and data sources for full visibility
- Configure, monitor, and troubleshoot firewalls, intrusion detection/prevention systems (IDS/IPS), and VPNs
- Implement and audit firewall policies, access control lists (ACLs), and network segmentation strategies to enforce least privilege and reduce attack surfaces
- Generate daily, weekly, and monthly security reports, highlighting key security incidents, trends, and metrics for management and stakeholders
- Maintain comprehensive documentation for security incident response procedures, policies, and post-incident analysis
- Work closely with IT, DevOps, network engineering, and risk management teams to ensure security measures are effectively implemented
- Support internal and external security audits by providing relevant documentation and evidence of SOC activities
- Ensure that SOC operations are in compliance with relevant security policies, industry standards, and regulatory requirements
SOC Security Analyst
Paladion Networks
04.2008 - 12.2009
- Monitored and analyzed security events across networks and systems using SIEM tools (e.g., Arcsight, Splunk, QRadar) to detect potential threats and incidents
- Conducted real-time security monitoring for Firewalls, IDS/IPS, Windows/Unix servers, and VPNs, responding promptly to alarms and alerts
- Investigated and mitigated security incidents such as malware infections, unauthorized access, and DDoS attacks to minimize operational impacts
- Performed log analysis to identify suspicious activity, leading to the timely resolution of security vulnerabilities and incidents
- Developed and maintained security dashboards in SIEM tools, providing real-time visibility into network traffic and security event trends
- Created detailed security reports and advisories, including daily, weekly, and monthly incident summaries for stakeholders
- Administered and configured security devices, including firewalls, intrusion detection/prevention systems (IDS/IPS), and VPNs
- Conducted vulnerability assessments and penetration testing on critical systems, providing remediation strategies for identified risks
- Collaborated with cross-functional teams to implement firewall policies, access control lists (ACLs), and network segmentation to enhance security posture
- Managed phishing detection, investigation, and takedown efforts, coordinating with ISPs and external stakeholders
- Responded to security incidents using established incident response protocols and escalated critical issues to relevant teams
- Performed threat hunting and advanced malware analysis to detect sophisticated cyberattacks and minimize dwell time
- Provided training and support to junior SOC analysts on incident detection and response best practices
- Implemented and optimized SIEM tools, fine-tuning correlation rules, filters, and thresholds for enhanced detection capabilities
Education
B.TECH - Electrical Engineering
Biju Patnaik University Of Technology
Odisha, India 01.2003 - 01.2007
Skills
Incident Response & Digital Forensics (SOC Management, Threat Hunting, Malware Analysis, DFIR)
Security Architecture & Engineering (Zero Trust, Network Security, Cloud Security, Endpoint Security)
Cyber Defense & Threat Intelligence (CTI,Threat Detection, Vulnerability Management, Risk Mitigation)
Security Operations & Automation (SIEM, SOAR, WAF, DDoS, Firewall Configuration)
Compliance & Governance (Cybersecurity Frameworks, Security Policies, Risk Assessments)
Leadership & Team Development (Training, Mentorship, Stakeholder Communication)
Project & Security Product Management
Certification
CISM certified
Training
- HITB GSEC - Network Data Exfiltration Techniques
- Bluecoat ProxySG Administrator - TR-BCCPA
- Palo Alto Networks: Firewall Installation and Management
Timeline
Cybersecurity Manager
PayPal PTE. Ltd.
02.2018 - Current
Lead Security Consultant
NCS Pte. Ltd.
07.2016 - 02.2018
SME - Global Cyber Security Operations
Wipro Limited (CITI Bank)
01.2011 - 07.2016
Security Analyst
ITC Infotech India Limited
12.2009 - 01.2011
SOC Security Analyst
Paladion Networks
04.2008 - 12.2009
B.TECH - Electrical Engineering
Biju Patnaik University Of Technology
01.2003 - 01.2007