Senior Network & Systems Infrastructure Engineer

Sarkis Derwartanian

I build, operate, and improve infrastructure where ISP networks, Linux systems, virtualization, automation, and observability meet. My work covers routing, subscriber platforms, CGNAT, traffic shaping, DNS services, monitoring pipelines, backup and recovery workflows, and internal tools that make production environments easier to understand and support.

I focus on practical engineering: stable network design, reliable Linux services, clear telemetry, repeatable automation, resilient storage, and troubleshooting workflows that reduce guesswork during day-to-day operations.

CERTIFIED: CCNA 200-301
CV is available by request.
Technical Arsenal

Tools and infrastructure areas I work across

Networking / ISP

  • BGP, MPLS, OSPF, VLANs, IRB
  • PPPoE, L2TP, CGNAT
  • QoS, traffic shaping, firewall filters
  • MikroTik, Juniper, Cisco labs
  • SNMP, sFlow, NetFlow

Linux / Systems

  • Ubuntu, Debian, Fedora, CentOS
  • iptables, ipset, tc, tcpdump, wireshark
  • accel-ppp, FreeRADIUS
  • dnsmasq, Unbound, DNS services
  • Docker, Docker Compose
  • ZFS, mdadm, LVM

Platforms / Operations

  • Proxmox, Ceph, Clusters, HA
  • Hyper-V, pfSense, OPNsense, OpenWrt
  • Grafana, Zabbix, Prometheus
  • Graylog, NetBox
  • ISPConfig, Postfix, phpMyAdmin

Automation / Cloud

  • Go, Python, Bash, PowerShell
  • Flutter, Dart, Kotlin, JavaScript
  • AWS EC2, S3, IAM, Lambda
  • Cloudflare DNS / API
  • ChatGPT and Gemini workflows
Engineering Projects

Network and infrastructure projects focused on automation, monitoring, operational visibility and cloud control.

Zabbix, Grafana, Alerting, BGP

Integrated Network Monitoring Suite

Created a unified visibility layer for ISP infrastructure, moving beyond standard SNMP dashboards into actionable monitoring, alerting, and remote operational visibility.

Monitoring & Alerting Workflow
  • Automated Mitigation: Built Zabbix triggers that execute custom scripts to modify Juniper firewall policers and send operational alerts on defined schedules.
  • BGP & Interface Telemetry: Built Grafana dashboards for BGP session states, flapping events, ICMP, packet loss, interface bandwidth, reseller traffic, and RADIUS-based subscriber visibility.
  • Remote Visuals: Developed a messaging-based workflow that renders and delivers Grafana panels through Image Renderer for quick status checks.
Go, Linux tc, accel-ppp, FreeRADIUS, Traffic Accounting

Traffic Intelligence & Collection System

Developed a traffic collection system to separate and account for transit traffic versus CDN/peering traffic using Linux tc class counters, PPP session state, and RADIUS-driven service context.

Traffic Collection Logic
  • Kernel-Level Collection: Engineered a Go collector to scrape byte counters from Linux tc classes directly from the kernel.
  • Service Separation: Used traffic classes to distinguish real transit traffic from CDN/cache traffic such as Akamai, FNA, GGC, and Netflix-style local delivery.
  • Subscriber Context: Integrated accel-ppp session state and FreeRADIUS attributes so dynamic PPP interfaces could still be mapped back to the correct subscriber and service policy.
  • Operational Value: Helped identify expensive upstream usage versus cheaper local/cache traffic, giving the ISP better visibility into usage patterns and network cost drivers.
Figure: Real vs CDN Traffic Usage. Sensitive data such as usernames and live IPs has been redacted.

Web UI, Support Tools, Latency, Traffic Visibility, Troubleshooting

Subscriber Support Portal

Built a support-facing portal that allows agents to search by PPPoE username and quickly view live customer traffic, latency, and isolated service metrics during troubleshooting.

Support Workflow
  • Username-Based Lookup: Allowed support teams to search by subscriber username instead of manually tracking changing PPP interface names.
  • Live Troubleshooting View: Displayed latency and live traffic indicators so support could quickly understand whether a customer issue was local, upstream, or service-specific.
  • Service-Level Visibility: Presented separated traffic views for real/transit and CDN/cache services to reduce guesswork during customer support calls.
Bash, AWS S3, NAS, rclone, Disaster Recovery

Automated Configuration & Backup Recovery

Designed a backup and recovery ecosystem for multi-vendor environments, combining scheduled backups, safe execution checks, retention handling, and off-site cloud replication.

Backup Architecture Logic
Figure: Backup Architecture Flow
  • Intelligent Execution: Added error handling for states such as Juniper commit locks so backups run safely.
  • Storage Optimization: Used retention and pruning logic to remove specific file patterns outside the compliance window.
  • Multi-Target Redundancy: Automated backups to NAS through SFTP/SMB and synchronized archives to AWS S3 using rclone.
Flutter, AWS EC2 & Lambda, API Gateway, Docker, Cloudflare API

EC2 Service Controller

An Android mobile application built to manage an on-demand AWS EC2 environment, allowing controlled instance start/stop actions, Docker container health checks, live log access, and automatic Cloudflare CNAME synchronization whenever the EC2 public endpoint changes after startup.

Cloud Automation & Service Monitoring
  • Automated Polling: A background heartbeat keeps the mobile UI synchronized with AWS EC2 state and service availability.
  • Container Verification: Verifies that the required Docker container is actually online and ready, not only that the EC2 instance is running.
  • DNS Automation: Updates the Cloudflare CNAME target when the EC2 public endpoint changes after startup.
  • Live Log Access: Fetches and displays remote service logs inside the app for quick operational visibility.
  • Controlled Operations: Provides safe start/stop and verification actions without requiring direct AWS console access.
Flutter, GeckoView, ExoPlayer, DOM Manipulation, Kotlin

Hybrid Media Engine

A custom Android application engineered for hardware-accelerated Picture-in-Picture, persistent background audio, native media controls, and hybrid playback behavior.

Architecture & Lifecycle Handoff
Figure: GeckoView Architecture Flow
  • Native Authentication: Used Mozilla GeckoView instead of the standard Android WebView to support authentication flows that are commonly restricted in embedded WebView environments, avoiding disallowed user-agent errors while keeping the login process inside the application.
  • Bandwidth-Optimized Handoff: Engineered a lazy-loading handoff between GeckoView and native ExoPlayer playback to avoid duplicate streaming and reduce bandwidth waste on slower connections. ExoPlayer initialization is deferred until the primary GeckoView session is paused.
  • Native OS Media Controls: Developed a native Android BroadcastReceiver to handle OS-level media actions such as play and pause from the PiP window, routing commands through a Flutter MethodChannel for synchronized playback control.
  • Hybrid Rendering & Permissions: Combined GeckoView for the browsing layer with native Android media handling, including permission delegation for microphone access, voice input, and media-related browser capabilities.
  • Strict Lifecycle Management: Integrated with Android and Flutter lifecycle events to handle abrupt app closure, PiP transitions, and background audio cleanup, preventing ghost playback and unnecessary resource usage.
Professional Experience

Infrastructure work across ISP, business, and support environments

Feb 2023 - Feb 2026

Senior Network & Systems Infrastructure Engineer

CloudSP (Internet Service Provider)
  • Worked across core networking, Linux subscriber infrastructure, and supporting automation for ISP service delivery.
  • Established BGP peering with CDN providers and upstream transit providers.
  • Designed and implemented VLAN and IRB Layer 3 interfaces to support BGP peering, customer aggregation, and integration with a Linux-based CGNAT router.
  • Applied Junos firewall filters across multiple families, including inet and ethernet-switching, for traffic control at both Layer 2 and Layer 3.
  • Operated Linux servers running accel-ppp for PPPoE, L2TP, and related subscriber termination services.
  • Worked on Linux NAT and routing servers using iptables, ipset, and tc for subscriber traffic handling, classification, and policy enforcement.
  • Set up and maintained supporting operational services including ISPConfig, phpMyAdmin, Postfix, Graylog, and NetBox.
  • Worked with DNS service components and supporting resolver/cache tooling including dnsmasq and Unbound where appropriate.
  • Built internal exporters, scripts, and automation tools for telemetry collection, alerting, operational visibility, and recovery workflows.
  • Automated Configuration & Backup Recovery: designed and maintained backup and recovery automation for network and server infrastructure, including scheduled backups, retention handling, and off-site replication.
  • Integrated Network Monitoring Suite: developed an observability environment using Grafana, Zabbix, custom exporters, dashboards, and messaging-based alert delivery to improve visibility into interfaces, BGP status, traffic patterns, and subscriber activity.
  • Traffic Intelligence & Custom Accounting Portal: built systems around Linux tc, PPP session state, and RADIUS attributes to separate subscriber traffic by service type and provide support teams with internal tools for checking customer traffic, latency, and usage during troubleshooting.
2018 - 2023

Systems & Network Infrastructure Engineer

Microfolie Computers
  • Designed and deployed complete infrastructure and networking environments for companies.
  • Deployed virtualization environments using Proxmox and Hyper-V on custom-built computers and vendor platforms from HP and Dell, with added Proxmox cluster, Ceph storage, and HA design experience through lab work.
  • Configured passthrough for multiple NICs to virtual machines, including pfSense and OPNsense firewall deployments.
  • Configured TP-Link enterprise switches with VLANs and SVIs to separate departments and enforce network segmentation.
  • Created firewall rules to allow or block access to services and machines for different employees and departments.
  • Set up Cloudflare Tunnel with access control, network policies, and security rules for remote access to hosted services.
  • Implemented internet access redundancy using 4G connections as failover.
  • Set up SMB and SFTP network shares using Ubuntu Server.
  • Deployed and managed a Lancache system to locally cache HTTP content and reduce external bandwidth usage.
  • Provided employee training, support, system upgrades, troubleshooting, and scheduled backups for configurations, software platforms, and databases.
2015 - 2017

IT Systems Technician

CompuWorld
  • Built custom computers and installed operating systems, drivers, software, and endpoint security tools.
  • Removed viruses and malware from infected systems using tools such as Malwarebytes and HitmanPro.
  • Recovered data from failing hard drives and corrupted operating system installations using recovery tools such as HirenBootCD and bad-sector diagnostics with HD Tune.
  • Used a CH341A programmer to recover corrupted BIOS chips by flashing known-good BIOS image files.
  • Set up Windows Server systems as hypervisors and storage servers using onboard RAID and software RAID.
  • Recommended system components based on customer needs, compatibility, and budget.
  • Provided remote support using TeamViewer and AnyDesk to resolve software, hardware, and operating system issues.
  • Deployed and managed a WSUS server to locally cache and distribute Windows updates, reducing external bandwidth usage.
Request CV

Request a copy of my CV

Instead of exposing a public CV download, this form opens your email application with a prepared request to [email protected]. It runs entirely on the client side.

No SMTP server, backend, database, or relay is used by this page.

If your browser blocks the email client, send the request manually to [email protected].