ROUZBEH TAHMASEBI

San Marcos, CA

Summary

Senior Network Engineer / SRE with more than ten years of hands-on experience designing and supporting low-latency and HFT-grade data center networks across on-prem and AWS environments. Experienced in latency-optimized routing architectures, real-time observability, and high-availability design using SolarWinds, AppDynamics, and Splunk. Strong background with F5 BIG-IP (LTM/DNS/ASM), Cisco Nexus/ASA/ISE/IOS-XE, Palo Alto NGFWs, and VMware NSX-T for microsegmentation and secure east-west traffic. Skilled in data center design, incident response, and performance monitoring, with a focus on deterministic routing, minimal jitter, and rapid fault detection — principles drawn from HFT-class infrastructure design.

Overview

19 years of professional experience

Work History

Senior Network Engineer / SRE

FICO
09.2016 - 09.2025
  • Senior Network Engineer and SRE supporting global data center and edge infrastructure for low-latency, customer-facing platforms. Responsible for architecture, reliability, security, and incident response across enterprise networking, cloud connectivity, security platforms, and observability.
  • Primary responder for P1/P2 production incidents, leading live incident bridges and coordinating network, security, application, database, and platform teams.
  • Diagnosed and resolved complex failures including routing loops, asymmetric traffic flows, firewall and VPN outages, MTU and fragmentation issues, and cloud edge connectivity failures.
  • Owned incident, change, and problem workflows in ServiceNow, ensuring accurate documentation, timely approvals, clean handoffs, and post-incident follow-ups.
  • Authored RCAs and drove long-term corrective actions focused on fault isolation, reliability improvement, and operational maturity.
  • Translated business and application requirements into scalable network and security designs, advising on segmentation, routing strategy, secure connectivity, and performance trade-offs.
  • Integrated and operated Imperva WAF for customer-facing applications, designing BGP-based asymmetric routing so inbound traffic traversed Imperva for inspection while outbound traffic exited directly via ISPs to preserve low latency.
  • Monitored and tuned Imperva policies and dashboards to identify suspicious traffic patterns, validate mitigations, and maintain clean application traffic without routing instability.
  • Designed and operated IPsec VPN and VTI-based tunnels for customers, partners, and third-party integrations.
  • Designed and maintained DMVPN architectures for remote offices, tuning routing, failover, and encryption parameters for stability and predictable performance.
  • Supported and operated Cisco SD-WAN environments for branch and edge connectivity to data centers and cloud services.
  • Worked with vManage, vSmart, and vBond components, troubleshooting control-plane connectivity, certificate issues, and device onboarding failures.
  • Configured and maintained WAN Edge routers with centralized policies for routing, segmentation, and traffic steering.
  • Diagnosed overlay versus underlay issues including BGP handoff problems, control connections flapping, MTU mismatches, and asymmetric routing.
  • Validated application-aware routing and path selection using telemetry, flow data, and real-time monitoring.
  • Participated in P1/P2 incident response involving SD-WAN outages, performing live control-plane validation, routing analysis, and packet-level troubleshooting.
  • Integrated SD-WAN with existing firewall, VPN, and data center routing architectures to ensure predictable failover and minimal latency impact.
  • Led enterprise firewall migrations including Check Point → Cisco ASA and Cisco ASA → Palo Alto Networks.
  • Redesigned rulebases, NAT, VPNs, and routing dependencies while preserving security posture and improving operational clarity.
  • Designed and implemented Cisco Zone-Based Firewall (ZBF) policies on ISR and ASR platforms for branch and edge security.
  • Participated in the design and rollout of VXLAN/EVPN data center fabrics supporting multi-site segmentation and workload mobility.
  • Supported and operated Cisco ACI fabrics in production data center environments alongside traditional NX-OS and VXLAN/EVPN networks.
  • Worked with ACI core constructs including tenants, VRFs, bridge domains, application profiles, EPGs, contracts, and filters.
  • Integrated ACI fabrics with external Layer 3 networks using L3Outs, configuring BGP and OSPF adjacencies for north-south connectivity.
  • Troubleshot application connectivity issues across ACI domains, validating endpoint learning, policy enforcement, contract scope, and routing behavior using APIC.
  • Performed operational analysis including fault review, health score evaluation, endpoint tracking, and fabric-wide troubleshooting.
  • Designed and operated a greenfield VMware NSX-T environment, including transport nodes, overlay networking, T0/T1 routing, and dynamic routing integration with Nexus cores.
  • Implemented distributed firewalling and microsegmentation to control east-west traffic and reduce blast radius.
  • Tuned Nexus 9K/7K/5K platforms including vPC, VRFs, HSRP, and BGP path selection to maintain clean underlay/overlay integration and extremely low, predictable latency.
  • Implemented and supported Zscaler ZIA and ZPA using GRE and IPsec tunnels for secure internet access and private application connectivity.
  • Worked directly with Zscaler engineering and support teams to troubleshoot tunnel instability, routing asymmetry, MTU issues, and traffic drops between on-prem firewalls and the Zscaler cloud.
  • Performed deep traffic analysis using firewall logs, packet captures, and routing tables to isolate and remediate issues.
  • Designed and supported F5 BIG-IP LTM and GTM for global application delivery.
  • Built and maintained GTM Wide IPs, pools, health monitors, and GSLB logic across multiple data centers.
  • Configured LTM virtual servers, pools, persistence profiles, and health monitors to ensure traffic correctness, availability, and resilience.
  • Built and maintained monitoring using SolarWinds, AppDynamics, and Splunk with a focus on latency, packet loss, and routing anomalies.
  • Trained and guided NOC and helpdesk teams on proactive monitoring, alert interpretation, and escalation practices.
  • Defined alert thresholds and operational runbooks to reduce mean time to detection and improve incident handoff quality.
  • Managed enterprise IPAM, Cisco ISE (NAC, certificates, and upgrades), and NTP architecture.
  • Planned and executed ISSU upgrades across Nexus and Catalyst platforms with minimal production impact.
  • Operated core services including NAT, VRRP/HSRP, DHCP, LAN/WAN/WLAN, and VPN infrastructure in highly available production environments.

Senior Analyst, IS Infrastructure Projects

BHP Billiton
02.2015 - 01.2016
  • Delivered low-latency LAN modernization projects across mining and operational sites, optimizing VLANs and routing for reduced delay and jitter.
  • Enhanced SolarWinds alerting and performance dashboards to improve early detection of latency-related degradation.
  • Implemented VRF-Lite segmentation and HSRP redundancy for deterministic routing and rapid failover.

Senior Technical Specialist

PotashCorp
07.2013 - 01.2015
  • Managed F5 BIG-IP LTM/ASM and Fortinet web-security systems.
  • Supported Cisco ASA VPNs and IDS/IPS.
  • Operated Cisco Nexus 7000/5000/2000, BGP/MPLS peers, and backup VPNs.
  • Optimized QoS and traffic classification for latency-sensitive applications.
  • Monitored traffic with Riverbed SteelCentral and Splunk dashboards to identify bottlenecks and optimize response times.

Senior Network Engineer

YourLink Inc.
01.2010 - 07.2013
  • Designed and operated a high-performance MPLS WAN backbone interconnecting geographically distributed regional points of presence (POPs), with routing architectures optimized for low latency, resiliency, and high availability.
  • Implemented and managed advanced routing protocols, including BGP and multi-area OSPF, across core and edge network infrastructure to support scalable growth and reliable global connectivity.
  • Supported backbone networks built over carrier-provided optical transport and Layer-1 circuits, coordinating with service providers to troubleshoot physical connectivity, circuit impairments, and transport-layer issues affecting network performance.
  • Coordinated WAN circuit provisioning and activations with domestic and international service providers, including cross-connects, turn-ups, redundancy validation, and failover testing.
  • Worked closely with ISPs and carrier partners to define technical requirements, routing policies, and redundant connectivity paths for critical network sites.
  • Optimized network performance and capacity by monitoring utilization trends, tuning routing behavior, and designing scalable backbone architectures to support growing traffic demands.
  • Led IPv6 deployment initiatives across the WAN, implementing OSPFv3, DHCPv6, and IP address management (IPAM) to ensure future-ready global network operations.
  • Supported and troubleshot complex routing and security environments using Cisco 6500/6509, Nexus platforms, Cisco ASA firewalls, and Juniper SRX/MX routers in production service-provider and enterprise networks.
  • Conducted Nessus vulnerability assessments and implemented network hardening and remediation measures to meet security, compliance, and operational reliability requirements.

IT (R&D) Senior Network Analyst

Vecima Networks Inc.
10.2006 - 01.2010
  • Supported R&D network infrastructure and firewalls.
  • Managed AD, Cisco Unified CM, and VPNs for global teams.
  • Administered Linux build servers, backups, and VMware infrastructure.
  • Built Cisco-based test labs for WiMAX and PVLAN validation.

Education

B.S. - Computer Engineering

Skills

  • Routing & Switching: OSPF, BGP, EIGRP, MPLS/VPLS, VXLAN, EVPN, VRF, QoS, IPv4/IPv6, STP/RSTP, 802.1Q
  • Security: Cisco ASA (IPsec/SSL VPN), Palo Alto NGFW, Fortinet, AAA (TACACS/RADIUS), Cisco ISE (802.1X, EAP-TLS, MAB)
  • Load Balancing: F5 BIG-IP LTM/DNS (GTM), ASM (WAF), iRules, HA, upgrades
  • Cloud networking: AWS VPC, VPN, Direct Connect, Cisco CSR, hybrid cloud routing, Transit Gateway
  • Monitoring & Observability: SolarWinds (SME), AppDynamics (AppD), Splunk, Riverbed SteelCentral, ThousandEyes, Wireshark
  • Wireless: Juniper Mist – deployment, troubleshooting, policy management
  • Virtualization & SDN: VMware vSphere, NSX-T (DFW, groups/tags, gateway firewall, Tier-0/1, NAT, LB, IPsec VPN)
  • Platforms: Cisco IOS-XE (Catalyst 9K, ISR/ASR), Cisco Nexus 9K/7K/5K, Juniper JUNOS, Linux/Windows Server, GitHub, Jira, ServiceNow

Technical Summary

Palo Alto, Cisco ASA/ISE, F5 BIG-IP, Zero-Trust, SolarWinds, AppDynamics, Splunk, ThousandEyes, REST APIs
