JASON DAVIS | Lewisville, TX | (940) 340-9369 | newton214@gmail.com | linkedin.com/in/jason-davis-27442118a
PROFESSIONAL SUMMARY
I’ve spent 15 years building, scaling, and defending the infrastructure that powers Fortune 500 enterprises, hyperscale cloud, and financial institutions. I started as a Unix systems engineer and specialised in networks, which means I don’t just configure switches—I understand the entire stack, from kernel tuning to BGP policy.
At AWS GovCloud, I learned what breaks when you try to run VXLAN/EVPN at hyperscale. I designed overlays for high‑compliance tenants, automated away manual toil, and developed reference patterns that turned one‑off designs into repeatable products. At Verizon, I led multi‑million dollar transformations that migrated legacy data centers to modern fabrics and SD‑WAN. At Charter, I debugged buffer drops on encrypted storage replication because I knew how to trace a packet from the wire to the application.
Earlier in my career, I spent two years at Kaiser Permanente deploying Cisco ACI fabrics across multiple data centers, fixing Oracle Exadata OSPF issues that had stalled a major vendor, and uncovering silent buffer drops on Data Domain replication that were corrupting encrypted backups. At American Residential Services, I architected and executed a 100+ site SD‑WAN migration to Cisco Viptela and engineered a $15K out‑of‑band management solution from repurposed eBay hardware—because good engineers don’t need big budgets to deliver reliable operations.
Today, I bring that same obsession with reliability, automation, and resourcefulness to every fabric I touch. I hold a Fortinet NSE 4, an RHCSA, and a CCNP; I’m actively finishing my NSE 5 and RHCE. I don’t need a job—I need a revolution worth believing in. If you’re building the next generation of network infrastructure, I want to help you build it right.
CORE COMPETENCIES
NETWORK FABRICS
• VXLAN/EVPN (Cisco Nexus, Arista) – Spine‑Leaf, MP‑BGP EVPN (Type‑2/Type‑5)
• Anycast Gateway / Symmetric IRB, L3VNI, Multi‑Tenant VRFs
• Multicast, Head‑End Replication, EVPN Multi‑Site
• Cisco ACI – fabric deployment, migration, policy model
SECURITY & SD‑WAN
• Fortinet Security Fabric (NSE 4) – FortiGate, FortiManager, FortiAnalyzer
• Meraki SD‑WAN (TBX SME), Versa SD‑WAN, Cisco Viptela
• Palo Alto, ASA, Juniper SRX, Zero Trust Architecture
CLOUD & HYBRID
• AWS (GovCloud, Direct Connect, Transit Gateway)
• Hybrid Cloud Interconnect, VMware NSX‑T, Kubernetes Overlay (Cilium)
• Equinix Fabric, Cloud On‑Ramps
AUTOMATION & IaC
• Python (Netmiko, NAPALM, Flask), Ansible (Cisco, NX‑OS, Fortinet)
• Terraform (AWS, Equinix), YANG/NetConf, REST APIs
• Git, CI/CD, Bash, Pre‑/Post‑Diff Validation, Tcl (NetApp LACP analysis)
SYSTEMS FOUNDATION
• Red Hat Enterprise Linux (RHCSA), RHCE (in progress)
• Unix (AIX, Solaris), Kernel Tuning, Arch Linux (personal lab)
• Storage networking – Data Domain, NetApp, Exadata
MONITORING & OBSERVABILITY
• gNMI/Telemetry, sFlow, Prometheus/Grafana
• PRTG, SolarWinds, Splunk, NetFlow/IPFIX
• Custom Python Anomaly Detection
CERTIFICATIONS
• Fortinet NSE 4 – Certified
• Fortinet NSE 5 – In Progress (FortiManager, FortiAnalyzer)
• Red Hat Certified System Administrator (RHCSA)
• Red Hat Certified Engineer (RHCE) – In Progress (Ansible)
• Cisco CCNP Enterprise & Data Center
• AWS Certified Solutions Architect – Associate
• Cisco DevNet Associate
PROFESSIONAL EXPERIENCE
TBX – Consulting Systems Engineer, SD‑WAN & Security SME | May 2022 – Sept 2024
Subject Matter Expert for Meraki SD‑WAN and Fortinet Security Fabric.
• Architected FortiGate SD‑WAN, IPSec VPN, and security policies for enterprise clients; NSE 4 certified, NSE 5 in progress.
• Designed Meraki MX/Z3 auto‑VPN topologies, traffic shaping, and application‑aware routing for multi‑site deployments.
• Developed Python/Ansible automation frameworks for zero‑touch provisioning and config validation, cutting deployment time by 30%.
• Authored and delivered advanced workshops on Zero Trust, SD‑WAN security, and automation; trained partner SEs and customers.
• Led POCs that directly influenced seven‑figure enterprise deals.
AMAZON WEB SERVICES (GOVCLOUD) – Network Development Engineer | Sept 2021 – May 2022
Tier 3 escalation for critical networking incidents in a hyperscale, multi‑tenant, high‑compliance environment.
• Architected VXLAN/EVPN overlay solutions for GovCloud tenants – translated segmentation requirements into MP‑BGP EVPN address‑family configurations.
• Built Python automation frameworks to model, validate, and deploy underlay/overlay policies across thousands of devices; reduced provisioning time by 40% and eliminated configuration drift.
• Designed hybrid interconnect strategies using AWS Direct Connect and Transit Gateway, integrating on‑prem VXLAN fabrics with AWS VPCs via eBGP.
• Deployed and troubleshot BGP control planes at hyperscale – route reflection, next‑hop reachability, RT/RD consistency across multi‑tenant partitions.
• Developed SOPs and post‑mortem guidance; institutionalised “automation‑first” remediation patterns.
VERIZON ENTERPRISE SOLUTIONS – Principal Network Architect | Jan 2020 – Sept 2021
Led enterprise‑scale fabric architecture and migration for Fortune 500 clients in finance, healthcare, and retail.
• Engineered VXLAN/EVPN data center fabric designs – L3VNI per tenant, anycast gateway addressing, consistent RD/RT schemas.
• Led Avis migration from legacy Cisco MPLS to Versa SD‑WAN + Aruba edge; designed hybrid overlay interconnect with zero downtime.
• Developed pre/post diff Bash scripts for configuration validation, reducing change‑related incidents by 35%.
• Mentored solution architects on YANG, NetConf, Meraki API, and Python; shifted team from CLI‑first to API‑first mindset.
• Spearheaded Walgreens nationwide WAN optimisation – integrated underlay BGP with overlay SD‑WAN controllers for application‑aware routing.
CHARTER COMMUNICATIONS – Data Center Network Engineer | Sept 2018 – Oct 2019
Managed enterprise F5 LTM/GTM and A10 load balancing; implemented next‑gen overlay networks.
• Implemented EVPN/VXLAN overlay networks on Nexus 9K – multi‑tenant segmentation across national data centers.
• Automated TACACS configuration with Bash scripts, eliminating manual errors and credential misconfigurations.
• Identified critical buffer tail drops on Data Domain SSL replication (port 29000) using PRTG and packet capture; root cause was underlay MTU mismatch and oversubscription.
• Coordinated cross‑team Video VPN deployment, aligning network, security, and Linux systems teams.
ZIVARO – Senior Network Consultant | Oct 2018 – Jan 2020
• Designed and deployed VXLAN data center fabric for Denver Health using Cisco ACI with BGP EVPN underlay – HIPAA‑compliant micro‑segmentation and workload mobility.
• Advocated Ansible over DNA Center for Simmons Foods automation; delivered Ansible playbooks, saving client $50K+ in proprietary licensing.
• Implemented Layer 3 to the edge for CDPHE despite organisational resistance; architected migration plan that became team standard.
• Key contributor to Cisco Gold Partner recertification – led technical deep‑dives on EVPN/VXLAN, ACI, and automation.
ENTRUST (ZIVARO) – Cloud Network Engineer | Jan 2020 – Present
• Implemented PCI‑DSS‑compliant AWS network infrastructure – VPC segmentation, security groups/NACLs, Transit Gateway routing; passed QSA audit.
• Built staging environment despite VP‑level opposition; validated Ansible ACL playbooks (cisco.ios) pre‑production, proving risk reduction and change accuracy.
• Provided emergency architecture support for Illinois Credit Union VPN deployment – troubleshot IPsec tunnels and BGP peering to restore service.
KAISER PERMANENTE – Senior Data Center Engineer | May 2016 – Apr 2018
Led data center network modernisation for one of the largest healthcare organisations in the United States.
• Deployed Cisco ACI fabric across multiple data centers – designed EPG contracts, bridge domains, and L3Outs; migrated legacy Nexus 7K/5K infrastructure to Nexus 9K with zero downtime.
• Resolved critical OSPF routing issues on Oracle Exadata racks that had delayed a major vendor implementation; diagnosed misconfigured interface costs and summarisation, enabling the project to meet its deadline.
• Identified and fixed buffer tail drops on Data Domain SSL‑encrypted replication traffic (port 29000) that were silently corrupting backups across the DR link. Used PRTG, SPAN sessions, and deep packet analysis to isolate MTU mismatch and egress queue depletion.
• Enhanced HPNA (HP Network Automation) functionality by developing custom reporting and compliance scripts, improving operational visibility and reducing audit remediation time.
• Collaborated with storage, database, and application teams to optimise network performance for Exadata, NetApp, and VCE Vblock platforms.
AMERICAN RESIDENTIAL SERVICES – Senior Network Engineer | Jan 2018 – Jan 2019
Architected and executed a complete network transformation for a national home services provider with 100+ locations.
• Led end‑to‑end migration from legacy MPLS/hub‑spoke topology to Cisco Viptela SD‑WAN – designed transport‑side policies, application‑aware routing, and zero‑touch provisioning; executed site cutovers with zero business‑impacting incidents.
• Standardised firewall configurations across Cisco ASA and Juniper SRX platforms, implementing consistent security policies and VPN templates.
• Deployed Cisco Umbrella DNS filtering as a lightweight security layer across all sites, reducing malware callbacks by 60% within 30 days.
• Engineered a cost‑effective out‑of‑band management and UPS solution using repurposed Cisco 2811 routers, cellular modems, and second‑hand APC units sourced from eBay – saved the company over $15,000 while providing resilient remote access during power outages.
• Implemented RANCID for automated configuration backups and version control, establishing configuration audit trails for the first time.
AT&T (TIAA‑CREF) – Lead Network Architect | Jul 2010 – May 2016
Led $100M+ network infrastructure refresh for a top‑tier financial institution.
• End‑to‑end architecture and design – Nexus 9K, ASR9K, F5 BIG‑IP; delivered under budget and ahead of schedule.
• Optimised mainframe OSPF routing (Area 51) – resolved route flapping and suboptimal path selection; required deep understanding of mainframe TCP/IP and traditional routing protocols.
• Identified NetApp LACP RFC non‑compliance via custom Tcl script; vendor acknowledged defect and released firmware fix, preventing undetected link failure risk.
• Created reference architectures and standardised configuration templates for blackhole routing, security policies, and high‑availability designs; adopted globally.
DYNAMIC IMPACT MARKETING LLC – Principal & Technical Strategist | Sept 2024 – Present
• Founder consultancy applying infrastructure engineering to marketing tech.
• Build automated data pipelines (Python) and technical audit frameworks.
EDUCATION & MILITARY SERVICE
United States Air Force – Senior Airman, Honorable Discharge
CONTINUOUS LEARNING
• SRv6, eBPF/Cilium, NVIDIA Spectrum, BlueField DPUs – self‑directed study
• Arch Linux maintainer – kernel tuning, systemd, network namespaces
• Fortinet NSE 5 (FortiManager, FortiAnalyzer) – In Progress
• Red Hat RHCE (Ansible, system roles) – In Progress