Portrait of Eduard Agopyan

Eduard Agopyan

Network Security Architect - Cloudflare & Multi-Cloud
Contact information
eduard.agopyan@sabersecurity.cloud
+359 883 379 450
Sofia, Bulgaria
linkedin.com/in/eduard-agopyan-678158b4
sabersecurity.cloud
Summary

Network Security Architect with 6+ years building and operating secure network architectures across on-prem and multi-cloud. Specializes in connecting enterprise networking with Cloudflare at scale - leading domain migrations, security hardening, and Zero Trust rollouts with minimal downtime. Develops automation and internal tooling to enforce standards, accelerate delivery, and convert platform telemetry into repeatable runbooks with clean rollback paths.

Professional skills
Cloudflare Platform
DNS / CDN cache strategy
Rulesets (acct/zone)
WAF/Bot/API Shield tuning
Zero Trust (Access/GW/WARP)
API Shield (mTLS/schema)
Workers
Automation & Tools
Terraform / cf-terraforming
Python (API/GraphQL)
Jinja2 -> HTML/Excel
GitOps change control
Report/alarms automation
Origin & Edge Engineering
nginx hardening
Cache keys/headers
keepalive/timeouts
real_ip / proxy chain
mTLS / Origin CA
Transform rules
Network Security
NGFW (Fortinet/Palo/Cisco)
SSL inspection
SD-WAN
Segmentation (VLAN/ACL)
Site-to-site & RA VPN
Multi-Cloud Networking
AWS / Azure / GCP
Transit/GWLB patterns
Hybrid connectivity
Landing zones
Routing/BGP
Operations & Governance
MoPs & change windows
Incident mgmt
Runbooks & baselines
Monitoring & reports
Postmortems -> standards
About

I'm driven by curiosity and progress - whether that's learning, creating, or improving something around me. I enjoy family time, practical DIY-style projects, and occasional travel/outdoor breaks to recharge. People describe me as reliable, direct, and easy to work with.

Interests
Cyber security Penetration testing Networking Process automation Gaming
Education
Technical University
Varna, Bulgaria
B.Sc. Telecom Engineering
  • Thesis: Android Application Security Testing & Wireless Penetration Testing.
  • Projects: mobile app development; ICT systems design; corporate networks.
Work experience
Nanosek
Lead Architecture Engineer | Cloudflare & Migrations
03/2023 - Present

Lead end-to-end Cloudflare delivery for enterprise customers: platform architecture and governance, account audits, enablement workshops, automation, zero-downtime migrations, and origin hardening.

  • Cloudflare architecture: Built repeatable account/zone baselines for TLS, caching, WAF/Rulesets, Bot, and Zero Trust.
  • Audits and remediation: Delivered security/performance assessments with prioritized findings and phased rollout plans.
  • Migrations at scale: Executed staged DNS/SSL/WAF/Bot migrations for hundreds of domains with tested rollback paths.
  • Automation: Implemented Workers + Terraform/Python workflows for reporting, alerting, and controlled configuration rollout.
  • Origin hardening: Tuned nginx cache/headers/real_ip/timeout behavior to stabilize edge-origin correctness.
HuvePharma
Senior Network Security Engineer
05/2022 - 03/2023

Fortinet-centric network security engineering for a regulated enterprise - NGFW, SD-WAN, VPN and change governance.

  • Fortinet platform: Operated FortiGate, FortiManager, FortiAnalyzer, and FortiEMS across sites.
  • NGFW operations: Managed IPS/AV, URL filtering, SSL inspection, and policy lifecycle/reporting.
  • Connectivity: Delivered SD-WAN segmentation and site-to-site/remote-access VPN operations.
Greenyard
Lead Network Engineer
06/2021 - 05/2022

Owned end-to-end enterprise network and security operations: architecture decisions, firewall governance, and day-to-day reliability across a mixed-vendor environment.

  • Network ownership: Led standards, architecture decisions, and escalations for high-impact changes.
  • Security governance: Managed FortiGate/Palo Alto/Meraki policy lifecycle, segmentation, NAT, and VPN.
  • Delivery: Implemented Meraki, Palo Alto/FortiGate, and Silver Peak SD-WAN solutions across sites.
  • Reliability: Drove runbooks, change acceptance, RCA, and preventive improvements.
Modis - Jack in the Box
Senior Network Engineer
03/2020 - 06/2021

Enterprise network engineering for a global QSR brand - AWS networking with Palo Alto transparent inspection, plus day-to-day stability work.

  • AWS inspection architecture: Designed GWLB/GWLBe + VM-Series transparent inspection patterns for centralized control.
  • Transit design: Built TGW route segmentation for east-west and egress inspection workflows.
  • Resilience and scale: Implemented multi-AZ health-driven scaling with Panorama policy consistency.
  • Observability and automation: Standardized logs/alarms and Terraform-based deployment with rollback plans.
  • Hybrid operations: Supported Cisco/Fortinet/F5 estates and resolved complex VPN/routing/security incidents.
IBM / Cisco
Cisco Security Engineer - VPN Technologies
06/2019 - 03/2020

Global enterprise support focused on VPN and secure connectivity.

  • Global support: Resolved enterprise Cisco/Meraki incidents with clear customer communication.
  • VPN delivery: Implemented and troubleshot IPsec site-to-site and SSL remote access.
  • Operations: Managed failovers, NAT changes, and network documentation updates.
Certificates
Cloudflare Zero Trust Essentials certificate badge
Cloudflare Zero Trust Essentials
Cloudflare Zero Trust Advanced certificate badge
Cloudflare Zero Trust Advanced
Cloudflare Zero Trust Engineer certificate
Cloudflare Zero Trust Engineer
Cloudflare Application Security Essentials certificate badge
Cloudflare Application Security Essentials
Cloudflare Application Security Advanced certificate badge
Cloudflare Application Security Advanced
AWS Certified Cloud Practitioner certificate
AWS Certified Cloud Practitioner