Senior Network & Systems Infrastructure Engineer

Sarkis Derwartanian

I build and operate reliable infrastructure across networking, Linux systems, automation, and observability. My work includes ISP infrastructure, BGP, subscriber environments, CGNAT, traffic shaping, telemetry, recovery workflows, and internal tools that improve operational visibility and support.

Lebanon
+961 71 399 210
CERTIFIED: CCNA 200-301 [ID: ee69bf4481664eb89913dcdde8e0c31c]


Technical Arsenal

Routing & Switching & Firewalls & Protocols

  • MikroTik (RouterOS / SWOS)
  • Juniper EX4600 & CLI
  • Cisco (CCNA / Virtualized)
  • pfSense / OPNsense / OpenWrt
  • TP-Link Enterprise

ISP Core & Systems

  • Linux BRAS (accel-ppp / FreeRADIUS)
  • MikroTik Wireless (LDF/912)
  • Mimosa & Cambium Networks
  • Linux Routing & Firewall & QoS (iptables/ipset/tc)
  • Zabbix & Grafana
  • ISPConfig / phpMyAdmin / Postfix Mail
  • Graylog / Netbox

Development & Architecture

  • Go (Golang) - Tooling
  • Python - Automation
  • Bash / PowerShell / Shell Scripting
  • Flutter (Mobile Architecture)
  • Kotlin & Android Native (ExoPlayer, GeckoView)
  • JavaScript & DOM Manipulation
  • SQL (Postgres / SQLite)

Cloud & Orchestration

  • AWS (EC2, Lambda, IAM, S3, API Gateway)
  • Docker Containerization
  • Cloudflare DNS / API
  • Proxmox / VMware ESXi / Hyper-V

Engineering Projects

Tags: Zabbix, Grafana, Telegram API, BGP

Integrated Network Monitoring Suite

Created a unified visibility layer for ISP infrastructure, moving beyond standard SNMP to actionable, script-driven monitoring and automated alerts.

  • Automated Mitigation: Built Zabbix triggers that execute custom scripts to automatically modify firewall policers on Juniper devices and send a message to Telegram, at specific times/dates using cron.
  • BGP & Interface Telemetry: Configured Grafana dashboards providing deep visibility into BGP session states (monitoring established times, openconfirm statuses, and flapping events) with real-time ICMP, packet loss, and interface bandwidth metrics, alongside real and CDN traffic panels for specific resellers while scraping their users' RADIUS status.
  • Remote Visuals: Developed a Telegram bot that renders and delivers Grafana panels (via Image Renderer) for on-the-go status checks.

Tags: Go, Linux TC, accel-ppp, Web UI / API

Traffic Intelligence & Custom Accounting Portal

Developed a proprietary system to differentiate and account for expensive Transit traffic versus cheap CDN/Peering traffic. Built a custom web frontend allowing Tier 1 support to visualize this data per user.

  • Custom Scraping: Engineered a Golang collector to scrape bytes from tc classes directly from the Linux kernel.
  • Session State Mapping: Integrated with accel-ppp to handle PPP interface changes, bind them to FreeRADIUS sessions, and actively parse radius attributes for dynamic speed limits.
  • Support Portal UI: Built a custom dashboard allowing support agents to input a PPPoE username and instantly view live latency graphs alongside isolated traffic metrics (Total vs. Akamai, FNA, GGC, Netflix, etc.) for rapid troubleshooting.
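As an added illustration of the tc scraping and PPP session handling described above (example code, not the project's own collector): a Go parser for `tc -s class show dev <ifname>` output that maps each classid to its cumulative byte counter, plus a delta function that tolerates counters restarting when a PPP interface is recreated. The classids, byte counts and the transit/CDN roles in the sample are constructed.

```go
package main

import (
	"regexp"
	"strconv"
	"strings"
)

var (
	classRe = regexp.MustCompile(`^class \S+ (\S+)`)      // "class htb 1:10 parent ..." -> "1:10"
	sentRe  = regexp.MustCompile(`^\s*Sent (\d+) bytes `) // " Sent 1000000 bytes 1200 pkt ..."
)

// ParseTCClassBytes parses `tc -s class show dev <ifname>` output into a map
// from classid (e.g. "1:10") to the cumulative bytes sent through that class.
func ParseTCClassBytes(out string) (map[string]uint64, error) {
	bytesByClass := make(map[string]uint64)
	cur := "" // classid that the following counter lines belong to
	for _, line := range strings.Split(out, "\n") {
		if m := classRe.FindStringSubmatch(line); m != nil {
			cur = m[1]
			continue
		}
		if m := sentRe.FindStringSubmatch(line); m != nil && cur != "" {
			b, err := strconv.ParseUint(m[1], 10, 64)
			if err != nil {
				return nil, err
			}
			bytesByClass[cur] = b
		}
	}
	return bytesByClass, nil
}

// DeltaBytes returns bytes sent between two polls. tc counters restart at zero when
// the class or its PPP interface is recreated, so a lower reading is counted from zero.
func DeltaBytes(prev, cur uint64) uint64 {
	if cur < prev {
		return cur
	}
	return cur - prev
}

// sampleTC is constructed sample output; 1:10 carries transit, 1:20 CDN/peering.
const sampleTC = `class htb 1:10 parent 1:1 prio 0 rate 8Mbit ceil 8Mbit burst 1600b cburst 1600b
 Sent 1000000 bytes 1200 pkt (dropped 3, overlimits 10 requeues 0)
 backlog 0b 0p requeues 0
class htb 1:20 parent 1:1 prio 0 rate 50Mbit ceil 50Mbit burst 1600b cburst 1600b
 Sent 500000 bytes 800 pkt (dropped 0, overlimits 0 requeues 0)
`
```

In a live collector the text would come from running the tc command per PPP interface on each poll, and the per-class deltas would be summed into transit and CDN totals for the subscriber's session.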

(Image: Traffic Accounting Dashboard)

Tags: Bash, AWS S3, Disaster Recovery

Automated Configuration & Backup Recovery

Designed a "Zero-Failure" backup ecosystem for multi-vendor environments (MikroTik, Juniper, Linux).

(Image: Backup Architecture Flow)

Architecture Logic

  • Intelligent Execution: Script includes error handling (e.g., detecting "Commit Blocked" states on Juniper) to ensure backups only run when the database is locked and safe.
  • Storage Optimization: Integrated regex-based pruning to identify and remove specific file patterns older than the compliance window to minimize storage costs.
  • Multi-Target Redundancy: Automated backups to local QNAP NAS via SFTP/SMB, and implemented cloud redundancy by syncing local archives to AWS S3 using `rclone`.

Tags: Flutter, AWS EC2 & Lambda, API Gateway, Docker, Cloudflare API

EC2 Service Controller

An Android mobile application built to manage an on-demand AWS EC2 environment, allowing controlled instance start/stop actions, Docker container health checks, live log access, and automatic Cloudflare CNAME synchronization whenever the EC2 public endpoint changes after startup.

Cloud Automation & Service Monitoring

The System: I built the application as an Android control and monitoring tool for an on-demand AWS EC2 environment, with automated Cloudflare CNAME synchronization, Docker container health verification, live log access, and real-time infrastructure state tracking.

  • Automated Polling: A background heartbeat keeps the mobile UI synchronized with the current AWS EC2 instance state and service availability.
  • Container Verification: Goes beyond basic instance status checks by verifying that the required Docker container is actually online and ready.
  • DNS Automation: Automatically updates the Cloudflare CNAME target when the EC2 public endpoint changes after startup.
  • Live Log Access: Fetches and displays remote service logs directly inside the app for quick operational visibility.
  • Controlled Operations: Provides safe start/stop and verification actions without requiring direct AWS console access.

Tags: Flutter, GeckoView, ExoPlayer, DOM Manipulation, Kotlin

Hybrid Media Engine

A custom Android application engineered to deliver an ad-free viewing experience with hardware-accelerated Picture-in-Picture (PiP) and persistent background audio, bypassing standard mobile web restrictions.

(Image: GeckoView Architecture Flow)

Architecture & Lifecycle Handoff

  • Native Authentication: Bypassed Google's standard WebView OAuth blocks by utilizing the GeckoView engine, allowing seamless and secure Google account sign-in directly within the application without triggering "disallowed user-agent" security errors.
  • Bandwidth-Optimized Handoff: Engineered a lazy-loading state handoff protocol to prevent bandwidth starvation on slow connections. Background ExoPlayer initialization is strictly deferred until the primary GeckoView engine is paused, ensuring zero wasted data.
  • Native OS Media Controls: Developed a native Android BroadcastReceiver to intercept OS-level media intents (Play/Pause) directly from the PiP window, routing commands across a Flutter MethodChannel on the main UI thread for frame-perfect playback synchronization.
  • Hybrid Rendering & Permissions: Utilizes Mozilla GeckoView to leverage web extensions (uBlock Origin, background play) for the primary browsing layer, featuring automated permission delegation to fully support native voice search and microphone inputs.
  • Strict Lifecycle Management: Hooked directly into Android's Activity state machine (WidgetsBindingObserver) to intercept abrupt "X" close events from the OS, forcefully killing ghost audio processes and maintaining strict memory discipline.

Professional Experience

Feb 2023 - Feb 2026

Senior Network & Systems Infrastructure Engineer

CloudSP (Internet Service Provider)
  • Worked across core networking, Linux subscriber infrastructure, and supporting automation for ISP service delivery.
  • Established BGP peering with CDN providers and upstream transit providers.
  • Designed and implemented VLAN and IRB Layer 3 interfaces to support BGP peering, customer aggregation, and integration with a Linux-based CGNAT router.
  • Applied Junos firewall filters across multiple families, including inet and ethernet-switching, for traffic control at both Layer 2 and Layer 3.
  • Operated Linux servers running accel-ppp for PPPoE, L2TP, and related subscriber termination services.
  • Worked on Linux NAT and routing servers using iptables, ipset, and tc for subscriber traffic handling, classification, and policy enforcement.
  • Set up and maintained supporting operational services including ISPConfig, phpMyAdmin, Postfix, Graylog, and NetBox.
  • Built internal exporters, scripts, and automation tools for telemetry collection, alerting, operational visibility, and recovery workflows.
  • Automated Configuration & Backup Recovery: designed and maintained backup and recovery automation for network and server infrastructure, including scheduled backups, retention handling, and off-site replication.
  • Integrated Network Monitoring Suite: developed an observability environment using Grafana, Zabbix, custom exporters, dashboards, and messaging-based alert delivery to improve visibility into interfaces, BGP status, traffic patterns, and subscriber activity.
  • Traffic Intelligence & Custom Accounting Portal: built systems around Linux tc, PPP session state, and RADIUS attributes to separate subscriber traffic by service type and provide support teams with internal tools for checking customer traffic, latency, and usage during troubleshooting.

2018 - 2023

Systems & Network Infrastructure Engineer

Microfolie Computers
  • Designed and deployed complete infrastructure and networking environments for companies.
  • Deployed Type 1 hypervisors such as Proxmox and VMware ESXi on custom-built computers and vendor platforms from HP and Dell.
  • Configured passthrough for multiple NICs to virtual machines, including pfSense and OPNsense firewall deployments.
  • Configured TP-Link enterprise switches with VLANs and SVIs to separate departments and enforce network segmentation.
  • Created firewall rules to allow or block access to services and machines for different employees and departments.
  • Set up Cloudflare Tunnel with access control, network policies, and security rules for remote access to hosted services.
  • Implemented internet access redundancy using 4G connections as failover.
  • Set up SMB and SFTP network shares using Ubuntu Server.
  • Deployed and managed a Lancache system to locally cache HTTP content and reduce external bandwidth usage.
  • Provided employee training, support, system upgrades, troubleshooting, and scheduled backups for configurations, software platforms, and databases.

2015 - 2017

IT Systems Technician

CompuWorld
  • Built custom computers and installed operating systems, drivers, software, and endpoint security tools.
  • Removed viruses and malware from infected systems using tools such as Malwarebytes and HitmanPro.
  • Recovered data from failing hard drives and corrupted operating system installations using recovery tools such as Hiren's BootCD and bad-sector diagnostics with HD Tune.
  • Used a CH341A programmer to recover corrupted BIOS chips by flashing known-good BIOS image files.
  • Set up Windows Server systems as hypervisors and storage servers using onboard RAID and software RAID.
  • Recommended system components based on customer needs, compatibility, and budget.
  • Provided remote support using TeamViewer and AnyDesk to resolve software, hardware, and operating system issues.
  • Deployed and managed a WSUS server to locally cache and distribute Windows updates, reducing external bandwidth usage.

Theoretical Architecture & Research Interests

Protocol Research

The Agnostic Medium

Research into utilizing standard copper mediums for proprietary signal modulation, effectively "hiding" traffic from standard TCP/IP network interface cards.

Zero Trust

Double-Lock Port Security

Developing a "listen-less" server architecture where ports are not open to scanning, but require a pre-signed mutual agreement to become visible.