Joao Antunes

Building the backend in the Bay Area


Joao Antunes

Joao Antunes

I am an Engineering Leader with almost 9+ YoE in professional software development and 3+ YoE of managing teams of software engineers. I previously held the title of Head of Engineering of a Series C startup, where at one point I was managing up to 20 engineers, including engineering managers, software engineers, data scientists and SREs.

I have a track record of building core customer-facing products, operating high-scale distributed systems, and developing high-performing teams.

I have a strong background in backend and distributed systems, including a PhD in Network Security with 7+ YoE in distributed systems research and in pan-european sponsored projects, and I am the author of several international research papers, patents in network performance monitoring and search relevancy, and two books on network attack injection.



Twitter is a microblogging and social networking service with hundreds of millions of monthly active users. At the Notifications Infrastructure team, we process up to hundreds of billions of notifications a day and are the service-of-record for email addresses and phone numbers at Twitter.

  • Engineering Manager(July 2020 – Present)
    • Manage high-performing backend engineering team.
    • Responsible for the platform and services that deliver mobile and browser push notifications, emails and SMS to Twitter users.
    • Partner with other teams and departments (Product, Relevance, Mobile Client, Testing).


Entelo (Series C) is a recruiting platform that applies intelligence to big data to help modern recruiters find, qualify, and acquire talent. We process over 6TB data daily, which poses very interesting challenges, from scalable ingestion of data to building accurate machine learning models. Entelo is a first-class recruiting platform powered by AI with an ever-growing customer base of over 700 customers, including big names such as Facebook, Amazon, Uber, Netflix, Slack, PayPal, Lyft, Asana, among others.

  • Head of Engineering (May 2019 – April 2020)
  • Tech Lead / Engineering Manager (Feb 2018 – May 2019)
  • Senior Software Engineer (Feb 2017 – Feb 2018)
    • Partnered with Product and Data Science to deliver several product features with direct impact to revenue and paid seats, e.g. revamping the Search product, integrating several third-party data sources, increasing the scalability of data ingestion to several TB/day, etc.
    • Introduced search relevance metrics and regression tests on a golden set of queries to improve Search quality.
    • Introduced synthetic data generation (seed data) to SDLC.
    • Maintained and optimized the production Elasticsearch cluster (from 40+ to 21 data nodes).
    • Introduced docker in local dev and testing environments, dockerized services (Elasticsearch, MySQL, Kafka, etc) and migrated services to kubernetes.


ThousandEyes (Series D) is a Network Performance Monitoring solution that provides visibility into the entire application service delivery chain for SaaS performance management, including internal and external network-level information paired with application and routing data. ThousandEyes is central to the global operations of the world’s largest and fastest growing brands, including Comcast, eBay, HP, 100+ of the Global 2000, 60+ of the Fortune 500, 5 of the 6 top US banks, and 20 of the 25 top SaaS companies (as of 2018).

As one of the first handfull full-time engineers at ThousandEyes (in 2012), I was part of the core backend/R&D team that was responsible for the cross-platform software running on several thousands of network agents that make up the ThousandEyes monitoring network.

  • Senior Software Engineer (Jul 2012 – Feb 2017)
    • Responsible for developing and maintaining a network probing library used by ThousandEyes software agents. This library is at the core of the network measurements done by hundreds of agents across the network that collect large volumes of data periodically, such as latency, jitter, packet loss, path trace, available bandwidth without server cooperation (patent), etc.
    • Design and implement a Voice over IP (VoIP) measurement framework for ThousandEyes agents (patent-pending).
    • Architect and implement a method of measuring the available bandwidth and network capacity between clients and servers.
    • Develop testing frameworks to perform unit testing and packet processing simulation to verify the correct behavior of the probing library.
    • Establish, maintain, and adhere to software development standards, perform peer code reviews and mentor other engineers on the team.


LASIGE is a research unit of the Department of Computer Science and Engineering (DI) of the University of Lisbon (ULisboa), Faculty of Sciences (FCUL). It develops activities in a number of relevant areas of computer science and engineering (CSE), including: Security and dependability (Navigators Group).

As a Researcher I have worked for the Navigators Group at LASIGE on Network Security and Dependibility. I have over seven years of experience in pan-european research projects, and I am the author of several international research papers, patents in network performance monitoring and search relevancy, and two books on network attack injection.

  • Researcher at MASSIF (2010 – 2012)
    • Management of Security Information and Events in Service Infrastructures (EC FP7, funding: 6M €).
    • Used attack injection methodology with protocol reverse engineering techniques to increase the dependability of core components of the MASSIF infrastructure (Java/C++).
  • Researcher at DIVERSE (2010 – 2012)
    • Diversity for Intrusion Tolerant Systems (FCT, funding: 88.5k €).
    • Designed the methodology and implemented a tool to evaluate (and solve) incompatibilities in using diversity in replicated servers (Java).
  • Teaching-Assistant at Carnegie Mellon | Portugal (2007 – 2009)
    • Course: Distributed Systems; Instructor: Hans P. Reiser
    • Course: Network Security; Instructors: Adrian Perrig and Nuno Ferreira Neves
    • Course: Special Topics in Applied Security: Nuno Ferreira Neves
  • Researcher at CRUTIAL (2006 – 2009)
    • Critical Utility Infrastructural Resilience (EC FP6, funding: 2M €)
    • Application of the attack injection techniques to increase the dependability of core components of the CRUTIAL infrastructure (Java/C++).
  • MSc on Vulnerability Assessment Through Attack Injection at University of Lisboa(2006)

  • Junior Researcher at AJECT (2005 – 2007)
    • Attack Injection on Software Components (FCT, funding: 48.5k €)
    • Development of a new methodology for the automatic discovery of security vulnerabilities in network servers (Java/C++).



The increasing reliance on networked computer systems demands for high levels of dependability. Unfortunately, new threats and forms of attack are constantly emerging to exploit flaws in these systems, compromising their correctness. An intrusion in a network server may affect its users and have serious repercussions in other services, possibly leading to other security breaches that can be exploited by further attacks. Software testing is the first line of defense against these attacks because it can support the discovery and removal of vulnerabilities. However, searching for flaws is a difficult and error-prone task and has been known to miss the detection of critical vulnerabilities. This book presents a novel methodology for the discovery of vulnerabilities that systematically generates and injects attacks, while monitoring and analyzing the target system. Several innovative solutions related to this approach are covered, including ways to infer a specification of the protocol implemented by the server, the generation of a comprehensive set of attacks, the injection and monitoring of the target system, and the automatic analysis of results.


Journal and Conference Papers


aws-lambda-goodreads-airtable Ruby

AWS Lambda function to fetch books from Goodreads, serialize, and push to Airtable. Modified from original repo: Adapt to lambda function and replace harcoded keys with env variables; Specify ruby version; Add Makefile for convenience; General refactoring; Don’t override all records by default (optimize for specific updates, such as unread to read); Cache activerecord calls to .all (since these trigger API calls); etc.

aws-lambda-meetup-rsvp Python

AWS Lambda function to query for events from a given group and automatically RSVP on specific events.

lean_algorithm_manager Python

Wrapper around QuantConnect’s open source algorithms, which allows to run several algorithms under the same QCAlgorithm object (and shared portfolio).

Tabula Chrome Extension JavaScript

A Google Chrome Extension that replaces New Tab with a beautiful TODO list.

I’ve started this project to learn a bit of frontend programming (javascript, css, angularjs) and because I wanted a nice TODO list manager. I was inspired by the beautiful design ans simplistic approch of the chrome extension Momentum. However, I wanted a more complete TODO manager, in particular the ability to log finished TODO items–a sort of personal tracking system.

google-docs-distraction-free Chrome Extension JavaScript

Chrome Extension that changes the appearance of Google Docs documents with a beautiful distraction-free writing environment. It replaces the background and sheet textures, hides away the toolbar and the comments section. Use it in full screen mode for best effect. Enjoy.

ReverX Java

A protocol reverse engineer tool written in Java. ReverX is able to derive the language (message syntax) and grammar (protocol state machine) from network traces. Since this solution only resorts to interaction samples of the protocol, it is well-suited to uncover the message formats and protocol states of closed protocols and also to automate most of the process of specifying open protocols. It currently supports text-based protocols (eg, FTP, POP, etc.) and it provides a limited support for binary-based protocols (eg, DNS).

Exbar (Lang, K. J., 1999) Java

This is my Java implementation of the Exbar (Lang, K. J., 1999) algorithm for inferring a minimum size DFA (deterministic finite automaton) consistent with a training set. Please refer to the research paper “Faster algorithms for finding minimal consistent DFAs”for additional details.

iTunes sync ratings AppleScript

This Applescript allows iTunes to sync ratings to a local file. You can then publish this file across different computers to synchronize ratings with other iTunes libraries. I suggest some sync file service such as Dropbox in order to have the ratings file instantaneously in sync. Then, all you have to do is run this script from time to time from iTunes and it will automatically synchronize your song ratings.

Aject Java

First attack injection tool for the automatic detection of security vulnerabilities in network servers. AJECT is capable of generating and injecting a large number of attacks that aim at causing unexpected behavior, indicative of vulnerabilities. AJECT is composed of a remote injector and a local monitor, capable of tracing the server’s execution (UNIX signals, memory, etc). (Java/C++)