Eric Nunes
Information Security Engineer @Palantir
Ft. Washington, MD, United States
Details
Experience:
2022 : Present
Palantir Technologies
Information Security Engineer
2018 : 2022
PayPal
Staff Information Security Engineer
1. Tech lead for developing a Fraud Analytics Platform that encompasses alert generation, normalization, analysis and escalation. Features include alert linking, account clustering, concentration analysis and automated escalation based on threat signature matching to mitigate consumer / merchant fraud, account / device takeover attacks, funding source related fraud etc.
2. Signal Generation : Identifying abuse/fraud signals from customer activity data and intelligence gathered on emerging threats externally. Leading the effort for Venmo.
3. Vendor / Data Impact Metrics : Defining the impact metrics to measure efficacy of threat intel feeds and vendors providing the data. Metrics centered around account protection, loss prevention and platform abuse identification.
4. Data Management : Managing the team's data feeds collected from vendor integrations and open-source intelligence. Responsible for data availability and current migration to cloud.
5. Product Research : Identified product abuse patterns in signin / signup flows. Recommended policy changes for mitigation; the change led to a significant reduction in attack traffic.
6. Account Protection Metrics : Computed control effectiveness metrics across the PayPal product lifecycle. Alerting on anomalies detected in near real time. Multiple incidents identified in the initial stages due to alerting. A monthly KPI report presented to the CISO.
7. Anti-phishing System : Developed a phishing website detector using features extracted from the URL, certificate transparency logs, content of the web page and URL domain information. The detected URLs were reported to safe browsing, anti-phishing vendors etc. The AWS-deployed system actions >2k URLs daily, reducing loss.
8. Python Libraries : Developed libraries to automate security control gap analysis and fraud analysis to secure PayPal products and customer accounts. Faster incident detection and resolution.
2016 : 2018
CYR3CON
Data Scientist / Consultant
Leading a team of developers and analysts to build tools / products for security applications. In particular,
1. Building a data collection system for Darkweb/Surfaceweb markets and forums to collect information regarding discussions and products relating to hacking activities.
2. Using the gathered threat intelligence to build learning models for predicting the likelihood of exploitation of a vulnerability (Product : CYR3CON PR1ORITY).
3. Providing intelligence on mobile threats for both Android and iOS applications.
4. Active Threat Assessment on client systems.
5. Named-entity recognition (to determine vulnerable software) using RNN/LSTM seq2seq models.
6. Developed classification models to classify web scripts as malicious. Visualized the performance of the trained model over time and analyzed the classification errors for further improvement through a Plotly dashboard. Achieved a malicious script detection rate of >90%. (Client : SiteLock)
7. Assist with the expansion of CYR3CON future product features as well as the management and development.
2014 : 2018
Arizona State University
Graduate Research Assistant
Research projects concentrate on Cyber Security and Artificial Intelligence, mostly from data-driven perspectives. Projects include,
Tools : Python, PostgreSQL, Prolog, tcpflow.
• Modeling of threat actors : Identifying cyber adversaries using argumentation and machine learning models (knowledge base : 10 million attacks).
• Proactive Cyber-Threat Intelligence : Built a system to crawl and parse the Darknet (markets and forums) to extract cyber threat intelligence, including zero-day exploits, using data mining and machine learning techniques, and to identify at-risk systems from hacker conversations.
• Malware task identification : Identifying the tasks that a piece of malware was designed to perform on the system (adversarial intent) using cognitive learning models.
2017 : 2017
PayPal
Security Automation Intern (Data Science)
• Analyzed user login activity using Akamai logs and enriched it with other data feeds such as threat intelligence, merchant data and credential dumps.
• Implemented operational anomaly detection models to detect Account Takeover (ATO) attacks and raise alerts for automated mitigation.
• Visualized ATO attacks in real time on a dashboard in Splunk.
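The anti-phishing system listed in the experience section above names four feature families: the URL string, certificate transparency logs, page content and domain information. The block below is an added illustration of the first and last of those, not the profile owner's or PayPal's code. It extracts lexical URL/domain features, flags a brand name that appears somewhere other than the registrable domain (the classic lookalike pattern), and scores the result with hand-picked weights. TARGET_BRANDS, SUSPICIOUS_TLDS, WEIGHTS, THRESHOLD and the sample URLs are constructed assumptions for the demo; CT-log and page-content features are not modelled here.

```python
"""Illustrative URL/domain feature extraction for a phishing detector.

Added example: NOT the profile owner's production system. Brand list,
suspicious-TLD list, weights, threshold and sample URLs are all assumptions
chosen for demonstration only.
"""
import math
import re
from urllib.parse import urlparse

# Assumption: brands a phishing page commonly impersonates.
TARGET_BRANDS = ("paypal", "venmo", "apple", "microsoft", "bank")
# Assumption: TLDs that are cheap and over-represented in phishing kits.
SUSPICIOUS_TLDS = (".zip", ".top", ".xyz", ".icu")
# Assumption: hand-picked weights standing in for a trained model.
WEIGHTS = {
    "brand_lookalike": 3.0, "has_ip_host": 3.0, "has_at_sign": 2.0,
    "suspicious_tld": 1.5, "plain_http": 1.0, "long_url": 1.0,
    "deep_subdomain": 0.5, "per_hyphen": 0.5,
}
THRESHOLD = 3.0

_IPV4 = re.compile(r"\d{1,3}(\.\d{1,3}){3}")


def shannon_entropy(s: str) -> float:
    """Character entropy; high values hint at generated hostnames."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def url_features(url: str) -> dict:
    """Lexical features from the URL and its host.

    Caveat: the registrable domain is approximated as the last two labels.
    A real system should use the Public Suffix List (co.uk etc.).
    """
    p = urlparse(url)
    host = (p.hostname or "").lower()
    path = (p.path or "").lower()
    labels = host.split(".") if host else []
    registrable = ".".join(labels[-2:]) if len(labels) >= 2 else host
    subdomain = ".".join(labels[:-2]) if len(labels) > 2 else ""
    is_ip = bool(_IPV4.fullmatch(host))
    brand_elsewhere = any(b in subdomain or b in path for b in TARGET_BRANDS)
    brand_owns_domain = any(registrable.startswith(b + ".") for b in TARGET_BRANDS)
    return {
        "url_len": len(url),
        "host_len": len(host),
        "num_subdomain_labels": max(len(labels) - 2, 0),
        "has_ip_host": is_ip,
        "has_at_sign": "@" in url,
        "num_hyphens_host": host.count("-"),
        "host_entropy": round(shannon_entropy(host), 3),
        "https": p.scheme == "https",
        "suspicious_tld": host.endswith(SUSPICIOUS_TLDS),
        # Brand string present in subdomain/path but NOT as the registrable
        # domain: e.g. paypal.com.evil.xyz or 1.2.3.4/paypal/login.
        "brand_lookalike": brand_elsewhere and not brand_owns_domain,
    }


def phishing_score(url: str) -> float:
    """Weighted sum of the boolean/ordinal features above."""
    f = url_features(url)
    s = 0.0
    for k in ("brand_lookalike", "has_ip_host", "has_at_sign", "suspicious_tld"):
        if f[k]:
            s += WEIGHTS[k]
    if not f["https"]:
        s += WEIGHTS["plain_http"]
    if f["url_len"] > 75:
        s += WEIGHTS["long_url"]
    if f["num_subdomain_labels"] >= 3:
        s += WEIGHTS["deep_subdomain"]
    s += WEIGHTS["per_hyphen"] * min(f["num_hyphens_host"], 4)
    return s


def is_phishing(url: str) -> bool:
    return phishing_score(url) >= THRESHOLD


if __name__ == "__main__":
    # Constructed sample URLs (not real observed phishing pages).
    for u in ("https://www.paypal.com/signin",
              "http://paypal.com-secure-login.xyz/update",
              "http://192.168.1.5/paypal/login"):
        print(f"{phishing_score(u):4.1f} {is_phishing(u)!s:5} {u}")
```

The lookalike rule is the part worth copying: a brand token is only suspicious when the brand does not own the registrable domain, so `www.paypal.com/signin` scores zero while `paypal.com-secure-login.xyz` and an IP host with `/paypal/` in the path both cross the threshold. Homoglyph and punycode hosts (`xn--` labels) slip past this lexical check and need a separate feature, as does anything that only shows up in the certificate or page body.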
Company:
Palantir Technologies
Spoken Language:
English, Hindi, Marathi
About
Information Security @Palantir