MAHADEV PRASAD NANDA

Incident Response Leadership

• Directed complex cyber incident investigations across enterprise environments, ensuring rapid containment, eradication, and recovery while minimizing business disruption and reputational risk.
• Led root cause analysis (RCA) and comprehensive post-incident reporting, driving continuous improvement in security posture and operational resilience.
• Managed end-to-end incident response processes, including forensic investigations, security log analysis, and coordination with internal and external stakeholders for timely mitigation.

Threat Detection & Hunting

• Designed and optimized SIEM use cases and MITRE ATT&CK-based detection frameworks, significantly enhancing threat visibility and reducing mean time to detect (MTTD).
• Led proactive threat hunting initiatives using behavioral analytics and threat intelligence to identify and neutralize advanced persistent threats (APTs) and emerging attack vectors.
• Developed and fine-tuned detection rules, automated alerts, and SOAR playbooks to streamline alert triage, reduce false positives, and accelerate incident response.

Security Operation & Tooling

• Managed and optimized a diverse security stack including EDR, XDR, IDS/IPS, SOAR, WAF, DDoS protection, IAM, and firewall solutions, improving real-time threat detection and operational efficiency.
• Automated incident response workflows via SOAR platforms, reducing mean time to respond (MTTR) by up to 30% and enabling rapid containment of high-severity threats.
• Led detection engineering efforts, enhancing correlation rules and alerting mechanisms within Splunk and other SIEM platforms to improve accuracy and coverage.

Cloud Security & Incident Response

• Directed security incident response for cloud environments (AWS, Azure, GCP), strengthening API security controls and implementing scalable DDoS mitigation strategies to protect cloud-native applications.
• Architected edge security solutions and rate limiting controls to defend against Layer 7 attacks and bot traffic, ensuring robust cloud infrastructure resilience.

Threat Intelligence & Risk Assessment

• Established and maintained comprehensive threat intelligence programs by monitoring gloabal threat feeds, OSINT, and dark web activity to identify emerging risks and adversary tactics.
• Mapped adversary tactics, techniques, and procedures (TTPs) using MITRE ATT&CK, integrating intelligence into detection and response strategies to proactively defend against sophisticated threats.
• Developed cyber threat models and risk assessments to inform strategic defense initiatives and align security operations with organizational risk appetite.

Leadership, Team Management & Collaboration

• Mentored and led a high-performing, globally distributed cybersecurity team of 20+ analysts and responders, fostering continuous professional development and operational excellence.
• Developed and delivered targeted training programs on malware analysis, adversary emulation, and AI/ML-based anomaly detection to enhance team capabilities.
• Collaborated cross-functionally with IT, legal, compliance, and business units to align cybersecurity initiatives with regulatory requirements and business objectives.
• Served as a trusted advisor to C-suite and board members, providing clear, actionable threat briefings and risk posture updates supported by executive dashboards and metrics.

Process Development & Communication

• Designed and implemented operational workflows for incident tracking, escalation, and remediation, improving response efficiency and consistency across the fusion center.
• Authored detailed technical and executive reports on cyber incidents, vulnerabilities, and remediation strategies, enabling data-driven decision-making at all organizational levels.
• Led cross-functional crisis simulations and regulatory audit preparations, ensuring compliance with industry standards such as NIST, ISO 27001, and CIS Controls.

• Delivered cybersecurity consulting and incident response for clients across banking, transport, retail, trading, and enterprise sectors.
• Led containment, eradication, and recovery efforts for major security incidents; performed host and network forensics (DFIR) to assess root cause and impact.
• Conducted threat assessments, malware analysis (including ransomware and phishing), and static reverse engineering in lab environments.
• Supported L1/L2 teams with triage and escalation using SIEM tools (Arcsight); investigated IDS events and vendor intelligence reports.
• Detected and responded to fraudulent activity, phishing attempts, and credential validation attacks; coordinated with AV/email vendors for remediation.
• Authored detailed reports, enhanced detection use cases, and collaborated on SOC process improvements and playbook development.
• Performed vulnerability assessments, risk audits, and pre/post product evaluations for endpoint and network security controls.
• Delivered cyber threat intelligence services and tailored security advisories; applied kill chain modeling to threat hunting efforts.
• Reviewed technical environments and proposed optimized detection strategies; contributed to SOP design and ASOC triage enhancement.

• Served as the Single Point of Contact (SPOC) for vendor coordination and client engagement in global security projects.
• Managed perimeter security infrastructure including CheckPoint, Palo Alto, Juniper, Cisco firewalls, Bluecoat proxies, and VPN solutions.
• Led configuration, change management, and troubleshooting for firewall rules, NAT, ACLs, and VPN access.
• Conducted advanced log analysis and threat correlation using tools such as Arcsight Logger, Arbor PeakFlow, SourceFire, Proofpoint, and McAfee across Unix and Windows environments.
• Oversaw global SOC operations, monitoring IDS/IPS, firewall, proxy, and VPN logs; detected anomalies and investigated potential threats.
• Directed incident response and risk management efforts, including DDoS, phishing, malware, and policy violations.
• Performed system vulnerability assessments, implemented countermeasures, and ensured timely resolution of security breaches.
• Reviewed audit logs, tracked incidents, and recommended SIRT actions across heterogeneous platforms (Wintel, UNIX, SQL, Oracle).
• Ensured compliance through MAS audits and ongoing collaboration with internal and external stakeholders.

• Directed monitoring and analysis of security events across SIEM (QRadar, Arcsight), IDS/IPS, firewalls, and VPNs to identify threats and vulnerabilities.
• Led investigations and coordinated response efforts for critical incidents including malware, phishing, DDoS, data breaches, and unauthorized access.
• Drove escalation processes and cross-functional collaboration with IT, DevOps, and risk teams to ensure effective remediation and prevention.
• Architected and optimized SIEM use cases, correlation rules, and dashboards to enhance real-time threat detection and situational awareness.
• Ensured seamless integration of SIEM with broader security infrastructure for comprehensive visibility and response coverage.
• Oversaw firewall policy management, ACL enforcement, and network segmentation to uphold least privilege and reduce attack surfaces.
• Delivered executive-level incident reporting, trend analysis, and operational metrics to inform strategic decisions.
• Maintained audit-ready documentation and ensured SOC compliance with internal policies, regulatory frameworks, and industry standards.

• Led real-time monitoring and analysis of security events using SIEM platforms (Arcsight, Splunk, QRadar) to detect and respond to emerging threats.
• Investigated malware infections, DDoS attacks, and unauthorized access incidents, ensuring timely containment and mitigation.
• Conducted log analysis across Windows/Unix servers, firewalls, IDS/IPS, and VPNs to uncover suspicious behavior and vulnerabilities.
• Developed and maintained SIEM dashboards and generated executive-level security advisories and incident reports.
• Administered and optimized firewall and IDS/IPS configurations; conducted vulnerability assessments and penetration testing on critical systems.
• Collaborated with cross-functional teams to enforce ACLs, implement network segmentation, and strengthen perimeter defenses.
• Managed phishing investigations and coordinated takedown efforts with external partners.
• Delivered threat hunting and advanced malware analysis to detect stealthy attack patterns and reduce dwell time.
• Mentored junior SOC analysts and enhanced detection workflows through SIEM rule tuning and correlation logic.