Professional

Twitter

Twitter is a microblogging and social networking service with hundreds of millions of monthly active users. At the Notifications Infrastructure team, we process up to hundreds of billions of notifications a day and are the service-of-record for email addresses and phone numbers at Twitter.

Engineering Manager(July 2020 – July 2022)
- Manage high-performing backend engineering team.
- Responsible for the platform and services that deliver mobile and browser push notifications, emails and SMS to Twitter users.
- Partner with other teams and departments (Product, Relevance, Mobile Client, Testing).

Entelo

Entelo (Series C) is a recruiting platform that applies intelligence to big data to help modern recruiters find, qualify, and acquire talent. We process over 6TB data daily, which poses very interesting challenges, from scalable ingestion of data to building accurate machine learning models. Entelo is a first-class recruiting platform powered by AI with an ever-growing customer base of over 700 customers, including big names such as Facebook, Amazon, Uber, Netflix, Slack, PayPal, Lyft, Asana, among others.

Head of Engineering (May 2019 – April 2020)
Tech Lead / Engineering Manager (Feb 2018 – May 2019)
Senior Software Engineer (Feb 2017 – Feb 2018)
- Partnered with Product and Data Science to deliver several product features with direct impact to revenue and paid seats, e.g. revamping the Search product, integrating several third-party data sources, increasing the scalability of data ingestion to several TB/day, etc.
- Introduced search relevance metrics and regression tests on a golden set of queries to improve Search quality.
- Introduced synthetic data generation (seed data) to SDLC.
- Maintained and optimized the production Elasticsearch cluster (from 40+ to 21 data nodes).
- Introduced docker in local dev and testing environments, dockerized services (Elasticsearch, MySQL, Kafka, etc) and migrated services to kubernetes.

ThousandEyes

ThousandEyes (acquired by Cisco) is a Network Performance Monitoring solution that provides visibility into the entire application service delivery chain for SaaS performance management, including internal and external network-level information paired with application and routing data. ThousandEyes is central to the global operations of the world’s largest and fastest growing brands, including Comcast, eBay, HP, 100+ of the Global 2000, 60+ of the Fortune 500, 5 of the 6 top US banks, and 20 of the 25 top SaaS companies (as of 2018).

As one of the first handfull full-time engineers at ThousandEyes (in 2012), I was part of the core backend/R&D team that was responsible for the cross-platform software running on several thousands of network agents that make up the ThousandEyes monitoring network.

Senior Software Engineer (Jul 2012 – Feb 2017)
- Responsible for developing and maintaining a network probing library used by ThousandEyes software agents. This library is at the core of the network measurements done by hundreds of agents across the network that collect large volumes of data periodically, such as latency, jitter, packet loss, path trace, available bandwidth without server cooperation (patent), etc.
- Design and implement a Voice over IP (VoIP) measurement framework for ThousandEyes agents (patent-pending).
- Architect and implement a method of measuring the available bandwidth and network capacity between clients and servers.
- Develop testing frameworks to perform unit testing and packet processing simulation to verify the correct behavior of the probing library.
- Establish, maintain, and adhere to software development standards, perform peer code reviews and mentor other engineers on the team.

🪪 Patents

Systems Having Improved Interfaces For Search And Related Methods And Apparatus, Joao Antunes, US Patent (Provisional), 2018
Monitoring Voice-Over-IP Performance Over The Internet, Ricardo Oliveira and Joao Antunes, US Patent Application 15/153,642, filed May, 2016, Patent Pending.
Estimating Network Capacity And Network Bandwidth Without Server Instrumentation, Ricardo Oliveira and Joao Antunes, US Patent 9,503,384, filed October 2014, and issued Nov. 2016.

📄 Blog Posts

Why You Should Make Everyone a Project Lead, April 2019
Measure and Manage Voice Performance Across Networks, September 2014
A Very Simple Model for TCP Throughput, July 2013

Academia

Research at LASIGE

LASIGE is a research unit of the Department of Computer Science and Engineering (DI) of the University of Lisbon (ULisboa), Faculty of Sciences (FCUL). It develops activities in a number of relevant areas of computer science and engineering (CSE), including: Security and dependability (Navigators Group).

As a Researcher I have worked for the Navigators Group at LASIGE on Network Security and Dependibility. I have over seven years of experience in pan-european research projects, and I am the author of several international research papers, patents in network performance monitoring and search relevancy, and two books on network attack injection.

PhD on Network Attack Injection at University of Lisboa(2012)

Researcher at MASSIF (2010 – 2012)
- Management of Security Information and Events in Service Infrastructures (EC FP7, funding: 6M €).
- Used attack injection methodology with protocol reverse engineering techniques to increase the dependability of core components of the MASSIF infrastructure (Java/C++).
Researcher at DIVERSE (2010 – 2012)
- Diversity for Intrusion Tolerant Systems (FCT, funding: 88.5k €).
- Designed the methodology and implemented a tool to evaluate (and solve) incompatibilities in using diversity in replicated servers (Java).
Teaching-Assistant at Carnegie Mellon | Portugal (2007 – 2009)
- Course: Distributed Systems; Instructor: Hans P. Reiser
- Course: Network Security; Instructors: Adrian Perrig and Nuno Ferreira Neves
- Course: Special Topics in Applied Security: Nuno Ferreira Neves
Researcher at CRUTIAL (2006 – 2009)
- Critical Utility Infrastructural Resilience (EC FP6, funding: 2M €)
- Application of the attack injection techniques to increase the dependability of core components of the CRUTIAL infrastructure (Java/C++).
MSc on Vulnerability Assessment Through Attack Injection at University of Lisboa(2006)
Junior Researcher at AJECT (2005 – 2007)
- Attack Injection on Software Components (FCT, funding: 48.5k €)
- Development of a new methodology for the automatic discovery of security vulnerabilities in network servers (Java/C++).

Books

The increasing reliance on networked computer systems demands for high levels of dependability. Unfortunately, new threats and forms of attack are constantly emerging to exploit flaws in these systems, compromising their correctness. An intrusion in a network server may affect its users and have serious repercussions in other services, possibly leading to other security breaches that can be exploited by further attacks. Software testing is the first line of defense against these attacks because it can support the discovery and removal of vulnerabilities. However, searching for flaws is a difficult and error-prone task and has been known to miss the detection of critical vulnerabilities. This book presents a novel methodology for the discovery of vulnerabilities that systematically generates and injects attacks, while monitoring and analyzing the target system. Several innovative solutions related to this approach are covered, including ways to infer a specification of the protocol implemented by the server, the generation of a comprehensive set of attacks, the injection and monitoring of the target system, and the automatic analysis of results.

Network Attack Injection, Joao Antunes, 2013, Scholar’s Press (ISBN-13: 978-3639513677)
Vulnerability Assessment Through Attack Injection, Joao Antunes, 2009, VDM Verlag (ISBN-13: 978-3639201789)

Journal and Conference Papers

Recycling Test Cases to Detect Security Vulnerabilities, Joao Antunes and Nuno Neves, in Proceedings of the International Symposium on Software Reliability Engineering (ISSRE), Dallas, USA, Nov. 2012.
Using Behavioral Profiles to Detect Software Flaws in Network Servers, Joao Antunes and Nuno Neves, in Proceedings of the International Symposium on Software Reliability Engineering (ISSRE), Hiroshima, Japan, Nov. 2011.
Reverse Engineering of Protocols from Network Traces, Joao Antunes, Nuno Neves, and Paulo Verissimo, in Proceedings of the Working Conference on Reverse Engineering (WCRE), Lero, Limerick, Ireland, Oct. 2011.
DiveInto: Supporting Diversity in Intrusion-Tolerant Systems, Joao Antunes and Nuno Neves, in Proc. of the Symposium on Reliable Distributed Systems (SRDS), Madrid, Spain, Oct. 2011.
Vulnerability Removal with Attack Injection, Joao Antunes, Nuno Neves, Miguel Correia, Paulo Verissimo, and Rui Neves, in IEEE Transactions on Software Engineering, Special issue on Evaluation and Improvement of Software Dependability, May-June 2010.
Building an Automaton Towards Protocol Reverse Engineering, Joao Antunes, Nuno Ferreira Neves, in Proceedings of the Simpósio de Informática Inforum, Lisbon, Portugal, Sep. 2009.
Detection and Prediction of Resource-Exhaustion Vulnerabilities, Joao Antunes, Nuno Ferreira Neves, Paulo Veríssimo, in Proceedings of the International Symposium on Software Reliability Engineering (ISSRE), Seattle, USA, Nov. 2008.
Using Attack Injection to Discover New Vulnerabilities, Nuno Ferreira Neves, Joao Antunes, Miguel Correia, Paulo Veríssimo, Rui Neves, in Proceedings of the International Conference on Dependable Systems and Networks (DSN), Philadelphia, USA, June 2006.

Open-Source

aws-lambda-goodreads-airtable Ruby

AWS Lambda function to fetch books from Goodreads, serialize, and push to Airtable. Modified from original repo: Adapt to lambda function and replace harcoded keys with env variables; Specify ruby version; Add Makefile for convenience; General refactoring; Don’t override all records by default (optimize for specific updates, such as unread to read); Cache activerecord calls to .all (since these trigger API calls); etc.

Github: https://github.com/jasantunes/aws-lambda-goodreads-airtable

aws-lambda-meetup-rsvp Python

AWS Lambda function to query Meetup.com for events from a given group and automatically RSVP on specific events.

Github: https://github.com/jasantunes/aws-lambda-meetup-rsvp

lean_algorithm_manager Python

Wrapper around QuantConnect’s open source algorithms, which allows to run several algorithms under the same QCAlgorithm object (and shared portfolio).

Github: https://github.com/jasantunes/lean_algorithm_manager

Tabula Chrome Extension JavaScript

A Google Chrome Extension that replaces New Tab with a beautiful TODO list.

I’ve started this project to learn a bit of frontend programming (javascript, css, angularjs) and because I wanted a nice TODO list manager. I was inspired by the beautiful design ans simplistic approch of the chrome extension Momentum. However, I wanted a more complete TODO manager, in particular the ability to log finished TODO items–a sort of personal tracking system.

Chrome Store: Tabula (New Tab To-do List)

Github: https://github.com/jasantunes/Tabula

google-docs-distraction-free Chrome Extension JavaScript

Chrome Extension that changes the appearance of Google Docs documents with a beautiful distraction-free writing environment. It replaces the background and sheet textures, hides away the toolbar and the comments section. Use it in full screen mode for best effect. Enjoy.

Chrome Store: Distraction-Free for Google Docs

Github: https://github.com/jasantunes/google-docs-distraction-free

ReverX Java

A protocol reverse engineer tool written in Java. ReverX is able to derive the language (message syntax) and grammar (protocol state machine) from network traces. Since this solution only resorts to interaction samples of the protocol, it is well-suited to uncover the message formats and protocol states of closed protocols and also to automate most of the process of specifying open protocols. It currently supports text-based protocols (eg, FTP, POP, etc.) and it provides a limited support for binary-based protocols (eg, DNS).

Github: https://github.com/jasantunes/reverx

Exbar (Lang, K. J., 1999) Java

This is my Java implementation of the Exbar (Lang, K. J., 1999) algorithm for inferring a minimum size DFA (deterministic finite automaton) consistent with a training set. Please refer to the research paper “Faster algorithms for finding minimal consistent DFAs”for additional details.

Github: https://github.com/jasantunes/aject

iTunes sync ratings AppleScript

This Applescript allows iTunes to sync ratings to a local file. You can then publish this file across different computers to synchronize ratings with other iTunes libraries. I suggest some sync file service such as Dropbox in order to have the ratings file instantaneously in sync. Then, all you have to do is run this script from time to time from iTunes and it will automatically synchronize your song ratings.

Download: SyncRatings0.1.scpt

Aject Java

First attack injection tool for the automatic detection of security vulnerabilities in network servers. AJECT is capable of generating and injecting a large number of attacks that aim at causing unexpected behavior, indicative of vulnerabilities. AJECT is composed of a remote injector and a local monitor, capable of tracing the server’s execution (UNIX signals, memory, etc). (Java/C++)