Systems Architect & Site Reliability Engineer

Sarkis Der Vartanian

I am a Systems Architect and Infrastructure Engineer who bridges bare-metal networking, scalable cloud platforms, and the applications that bring them to life. I design self-healing infrastructure, optimize data flows at the Linux kernel level, and build the cross-platform mobile apps and custom web portals needed to operate modern systems efficiently. From custom Golang telemetry scrapers to Dockerized services behind AWS Load Balancers, I create resilient end-to-end solutions that solve complex technical problems from the kernel to the user.

Lebanon (Open to Remote Worldwide)
+961 71 399 210
CERTIFIED: CCNA 200-301 [ID: ee69bf4481664eb89913dcdde8e0c31c]


Technical Arsenal

Routing, Switching, Firewalls & Protocols

  • MikroTik (RouterOS / SWOS)
  • Juniper EX4600 & CLI
  • Cisco (CCNA / Virtualized)
  • pfSense / OPNsense / OpenWrt
  • TP-Link Enterprise

ISP Core & Systems

  • Linux BRAS (accel-ppp / FreeRADIUS)
  • MikroTik Wireless (LDF/912)
  • Mimosa & Cambium Networks
  • Linux Routing & Firewall & QoS (iptables/ipset/tc)
  • Zabbix & Grafana
  • ISPCONFIG / PHPmyadmin / Postfix Mail
  • Graylog / Netbox

Development & Architecture

  • Go (Golang) - Tooling
  • Python - Automation
  • Bash / PowerShell / Shell Scripting
  • Flutter (Mobile Architecture)
  • Kotlin & Android Native (ExoPlayer, GeckoView)
  • JavaScript & DOM Manipulation
  • SQL (Postgres / SQLite)

Cloud & Orchestration

  • AWS (EC2, Lambda, IAM, S3, API Gateway)
  • Docker Containerization
  • Cloudflare DNS / API
  • Proxmox / VMware ESXi / Hyper-V

Engineering Projects

Tags: Zabbix, Grafana, Telegram API, BGP

Integrated Network Monitoring Suite

Created a unified visibility layer for ISP infrastructure, moving beyond standard SNMP to actionable, script-driven monitoring and automated alerts.

  • Automated Mitigation: Built Zabbix triggers that execute custom scripts to automatically modify firewall policers on Juniper devices and send a Telegram notification, with scheduled runs at specific times/dates via cron.
  • BGP & Interface Telemetry: Configured Grafana dashboards providing deep visibility into BGP session states (monitoring established times, OpenConfirm statuses, and flapping events) together with real-time ICMP latency, packet loss and interface bandwidth metrics, alongside real (non-CDN) and CDN traffic panels for specific resellers, while scraping their users' RADIUS session status.
  • Remote Visuals: Developed a Telegram bot that renders and delivers Grafana panels (via Image Renderer) for on-the-go status checks.
Tags: Go, Linux TC, accel-ppp, Web UI / API

Traffic Intelligence & Custom Accounting Portal

Developed a proprietary system to differentiate and account for expensive Transit traffic versus cheap CDN/Peering traffic. Built a custom web frontend allowing Tier 1 support to visualize this data per user.

  • Custom Scraping: Engineered a Golang collector that scrapes per-class byte counters from tc classes directly from the Linux kernel.
  • Session State Mapping: Integrated with accel-ppp to handle PPP interface changes, bind them to FreeRADIUS sessions, and actively parse radius attributes for dynamic speed limits.
  • Support Portal UI: Built a custom dashboard allowing support agents to input a PPPoE username and instantly view live latency graphs alongside isolated traffic metrics (Total vs. Akamai, FNA, GGC, Netflix, etc.) for rapid troubleshooting.
Traffic Accounting Dashboard
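The collector described above scrapes byte counters from tc classes and attributes them to transit versus CDN traffic. The following Go program is an added illustration of that idea, not the portal's own code: it parses constructed sample output in the format of `tc -s class show dev <iface>`, sums only the labelled leaf classes so that parent classes are not double counted, and computes the delta between two snapshots while treating a counter that went backwards as a class that was recreated (as happens when a PPP interface is torn down and rebuilt). The class ids, category labels and interface name are assumptions made for the example.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// SampleTC is constructed sample output in the format of
// `tc -s class show dev ppp0` for an HTB tree with a root class (1:1) and
// two leaf classes; it is not captured from a real BRAS.
const SampleTC = `class htb 1:1 root rate 100Mbit ceil 100Mbit burst 1600b cburst 1600b
 Sent 4000 bytes 40 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
class htb 1:10 parent 1:1 leaf 10: prio 0 rate 10Mbit ceil 20Mbit burst 1600b cburst 1600b
 Sent 1500 bytes 12 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
 lended: 0 borrowed: 0 giants: 0
class htb 1:20 parent 1:1 leaf 20: prio 0 rate 50Mbit ceil 80Mbit burst 1600b cburst 1600b
 Sent 2500 bytes 28 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
`

// ClassBytes maps a tc class id (e.g. "1:10") to its cumulative Sent byte counter.
type ClassBytes map[string]uint64

// Categories labels leaf class ids with an accounting category. The ids and
// labels here are assumptions for the example, not the portal's real layout.
type Categories map[string]string

var SampleCategories = Categories{"1:10": "transit", "1:20": "cdn-akamai"}

// ParseTCClasses extracts the Sent-bytes counter of every class from
// `tc -s class show` output. A "Sent" line is attributed to the most recent
// "class ..." header; a Sent line with no preceding header is reported as an
// error rather than silently dropped.
func ParseTCClasses(output string) (ClassBytes, error) {
	result := ClassBytes{}
	current := ""
	sc := bufio.NewScanner(strings.NewReader(output))
	for sc.Scan() {
		fields := strings.Fields(sc.Text())
		switch {
		case len(fields) >= 3 && fields[0] == "class":
			current = fields[2] // "class htb 1:10 parent 1:1 ..." -> "1:10"
		case len(fields) >= 3 && fields[0] == "Sent" && fields[2] == "bytes":
			if current == "" {
				return nil, fmt.Errorf("Sent line before any class header: %q", sc.Text())
			}
			n, err := strconv.ParseUint(fields[1], 10, 64)
			if err != nil {
				return nil, fmt.Errorf("class %s: bad byte counter %q: %w", current, fields[1], err)
			}
			result[current] = n
		}
	}
	return result, sc.Err()
}

// Account sums counters per category. Only labelled (leaf) classes are
// summed: parent classes such as 1:1 already aggregate their children, so
// including them would double count.
func Account(cb ClassBytes, cats Categories) map[string]uint64 {
	out := map[string]uint64{}
	for id, n := range cb {
		if cat, ok := cats[id]; ok {
			out[cat] += n
		}
	}
	return out
}

// Delta returns the bytes sent between two snapshots. tc counters are
// cumulative and restart from zero when a class is recreated, so a counter
// that went backwards is treated as a reset and its current value is the
// whole delta. Classes absent from the newer snapshot are dropped.
func Delta(prev, cur ClassBytes) ClassBytes {
	d := ClassBytes{}
	for id, now := range cur {
		if before, seen := prev[id]; seen && now >= before {
			d[id] = now - before
		} else {
			d[id] = now
		}
	}
	return d
}

func main() {
	cb, err := ParseTCClasses(SampleTC)
	if err != nil {
		panic(err)
	}
	for cat, n := range Account(cb, SampleCategories) {
		fmt.Printf("%-12s %d bytes\n", cat, n)
	}
}
```

In a real collector the scraper would run the `tc` command per PPP interface on a fixed interval, feed each pair of snapshots through `Delta`, and push the per-category sums to the portal's backend; the reset handling matters there because accel-ppp sessions come and go far more often than the collector restarts.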
Tags: Bash, AWS S3, Disaster Recovery

Automated Configuration & Backup Recovery

Designed a "Zero-Failure" backup ecosystem for multi-vendor environments (MikroTik, Juniper, Linux).

Backup Architecture Flow
Architecture Logic
  • Intelligent Execution: Script includes error handling (e.g., detecting "Commit Blocked" states on Juniper) to ensure backups only run when the database is locked and safe.
  • Storage Optimization: Integrated regex-based pruning to identify and remove specific file patterns older than the compliance window to minimize storage costs.
  • Multi-Target Redundancy: Automated backups to local QNAP NAS via SFTP/SMB, and implemented cloud redundancy by syncing local archives to AWS S3 using `rclone`.
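The storage-optimization step above prunes archives by file-name pattern and age. The Go program below is an added example of that pruning logic, not the backup script from this project: it builds a deletion plan from a regex and a retention window over constructed sample data, and it adds one safeguard the page does not mention, a minimum number of most-recent matching archives that are never deleted, so that a backup job that silently stops producing new archives cannot cause the pruner to remove the last good copy. The file names, the retention window and the `/srv/backups` path are assumptions.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"regexp"
	"sort"
	"time"
)

// Backup is one archive in the backup store.
type Backup struct {
	Name    string
	ModTime time.Time
}

// PrunePlan selects archives to delete: those whose name matches pattern and
// whose modification time is older than retention. The newest minKeep matching
// archives are always kept regardless of age (this safeguard is an assumption
// added for the example, not something the page states).
func PrunePlan(backups []Backup, pattern *regexp.Regexp, retention time.Duration, minKeep int, now time.Time) []Backup {
	var matching []Backup
	for _, b := range backups {
		if pattern.MatchString(b.Name) {
			matching = append(matching, b)
		}
	}
	// newest first, so the first minKeep entries are the protected ones
	sort.Slice(matching, func(i, j int) bool { return matching[i].ModTime.After(matching[j].ModTime) })
	cutoff := now.Add(-retention)
	var doomed []Backup
	for i, b := range matching {
		if i < minKeep {
			continue
		}
		if b.ModTime.Before(cutoff) {
			doomed = append(doomed, b)
		}
	}
	return doomed
}

// ListDir builds the Backup list from the regular files directly inside dir.
func ListDir(dir string) ([]Backup, error) {
	entries, err := os.ReadDir(dir)
	if err != nil {
		return nil, err
	}
	var out []Backup
	for _, e := range entries {
		if e.IsDir() {
			continue
		}
		info, err := e.Info()
		if err != nil {
			return nil, err
		}
		out = append(out, Backup{Name: e.Name(), ModTime: info.ModTime()})
	}
	return out, nil
}

// Apply removes the planned archives from dir; with dryRun it only reports.
func Apply(dir string, plan []Backup, dryRun bool) error {
	for _, b := range plan {
		path := filepath.Join(dir, b.Name)
		if dryRun {
			fmt.Println("would remove", path)
			continue
		}
		if err := os.Remove(path); err != nil {
			return err
		}
	}
	return nil
}

// Constructed sample data for a run on 2024-06-30 with a 30-day window.
var SampleNow = time.Date(2024, 6, 30, 0, 0, 0, 0, time.UTC)
var SampleBackups = []Backup{
	{Name: "mikrotik-2024-06-29.rsc", ModTime: SampleNow.AddDate(0, 0, -1)},
	{Name: "mikrotik-2024-05-01.rsc", ModTime: time.Date(2024, 5, 1, 0, 0, 0, 0, time.UTC)},
	{Name: "mikrotik-2024-04-01.rsc", ModTime: time.Date(2024, 4, 1, 0, 0, 0, 0, time.UTC)},
	{Name: "juniper-2024-03-01.conf", ModTime: time.Date(2024, 3, 1, 0, 0, 0, 0, time.UTC)},
	{Name: "notes.txt", ModTime: time.Date(2023, 1, 1, 0, 0, 0, 0, time.UTC)},
}

// MikroTikPattern only matches dated RouterOS exports; anything else in the
// directory is never touched by the pruner.
var MikroTikPattern = regexp.MustCompile(`^mikrotik-\d{4}-\d{2}-\d{2}\.rsc$`)

func main() {
	plan := PrunePlan(SampleBackups, MikroTikPattern, 30*24*time.Hour, 2, SampleNow)
	_ = Apply("/srv/backups", plan, true) // placeholder path; dry run only
}
```

Running the plan in dry-run mode first and logging the result is the cheap check before letting a cron job delete anything; the anchored regex also keeps the pruner from matching a similarly named file from another vendor's export.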
Tags: Flutter, GeckoView, ExoPlayer, DOM Manipulation, Kotlin

Hybrid Media Engine

A custom Android application engineered to deliver an ad-free viewing experience with hardware-accelerated Picture-in-Picture (PiP) and persistent background audio, bypassing standard mobile web restrictions.

GeckoView Architecture Flow
Architecture & Lifecycle Handoff
  • Native Authentication: Bypassed Google's standard WebView OAuth blocks by utilizing the GeckoView engine, allowing seamless and secure Google account sign-in directly within the application without triggering "disallowed user-agent" security errors.
  • Bandwidth-Optimized Handoff: Engineered a lazy-loading state handoff protocol to prevent bandwidth starvation on slow connections. Background ExoPlayer initialization is strictly deferred until the primary GeckoView engine is paused, ensuring zero wasted data.
  • Native OS Media Controls: Developed a native Android BroadcastReceiver to intercept OS-level media intents (Play/Pause) directly from the PiP window, routing commands across a Flutter MethodChannel on the main UI thread for frame-perfect playback synchronization.
  • Hybrid Rendering & Permissions: Utilizes Mozilla GeckoView to leverage web extensions (uBlock Origin, background play) for the primary browsing layer, featuring automated permission delegation to fully support native voice search and microphone inputs.
  • Strict Lifecycle Management: Hooked directly into Android's Activity state machine (WidgetsBindingObserver) to intercept abrupt "X" close events from the OS, forcefully killing ghost audio processes and maintaining strict memory discipline.
Tags: Flutter, AWS EC2 & Lambda, API Gateway, Docker, Cloudflare API

Cloud Orchestrator

A cross-platform mobile application designed to enforce a "Zero-Waste" FinOps policy. It allows authorized stakeholders to seamlessly manage ephemeral cloud environments.

V2 Architecture Upgrades

The Upgrade: I completely rewrote the application into a deep-inspection monitoring suite featuring automated self-healing DNS and container verification.

  • Automated Polling: A background heartbeat syncs UI state with real-time AWS EC2 metrics.
  • Deep Inspection: Bypasses basic instance checks to verify the actual Docker containers are online and healthy.
  • DNS Automation: Automatically updates Cloudflare CNAME records when AWS assigns a new dynamic IP upon boot.
  • Live Telemetry: Fetches and displays remote server logs directly within the app interface.
Version 1 Legacy Interface

Version 1: The Basic Trigger

Originally built as a simple "Tap-to-Start" interface using basic serverless functions. It solved the primary problem of non-technical users leaving cloud instances running 24/7, but lacked deep monitoring capabilities.

Professional Experience

Feb 2023 - Feb 2026

Infrastructure Automation Engineer & SRE

CloudSP (Internet Service Provider)

Managed and scaled core ISP infrastructure, handling high-throughput PPPoE, L2TP, and MPLS termination across a highly available network topology. Developed custom automation tools in Golang to apply Linux kernel-level packet patches and engineered resilient Python pipelines to ensure 100% disaster-readiness. Orchestrated advanced traffic shaping using Linux tc and BGP/OSPF, while architecting a comprehensive observability stack (Zabbix, Grafana, Prometheus) to achieve total infrastructure visibility and proactive incident alerting.

2018 - 2023

Systems & Network Engineer

Microfolie Computers

Served as the Tier 3 escalation point for critical network outages, utilizing deep-packet analysis (Wireshark/tcpdump) to isolate and resolve complex Layer 2, Layer 3, and server-side faults. Authored standardized configuration templates (IaC) and automated provisioning workflows for field teams, ensuring strict security and performance standards across all edge deployments and custom enterprise servers.

2015 - 2017

IT Infrastructure Technician

CompuWorld

Managed the security posture of customer-facing Linux and Windows servers, implementing SSH key-based authentication, firewall hardening, and automated vulnerability patching. Utilized CH341A hardware programmers to perform out-of-band firmware recoveries, interfacing directly with onboard SPI Flash chips to bypass corrupted bootloaders and restore mission-critical bricked devices.

Theoretical Architecture & Research Interests

Protocol Research

The Agnostic Medium

Research into utilizing standard copper media for proprietary signal modulation, effectively "hiding" traffic from standard TCP/IP network interface cards.

Zero Trust

Double-Lock Port Security

Developing a "listen-less" server architecture where ports are not open to scanning, but require a pre-signed mutual agreement to become visible.