Amazon Web Services (AWS) Consultant
Scope of Work
The AWS Consultant shall provide strategic, operational, and technical support for the
Museum’s AWS environment. Responsibilities include planning, maintenance, coordination with
stakeholders and vendors, security oversight, and compliance with federal cybersecurity
standards.
Key Responsibilities
The Consultant shall serve as the main point of contact for all AWS activities, including but not
limited to:
● AWS Account Management
○ Act as the primary administrator for all AWS accounts.
○ Manage billing, cost optimization, usage monitoring, and resource
allocation.
○ Implement account-level security controls, including Identity and Access
Management (IAM) policies and Multi-Factor Authentication (MFA).
● Infrastructure Management
○ Maintain and support Amazon EC2 Instances. Amazon Elastic Compute
Cloud (EC2) provides scalable virtual servers in the cloud. The Consultant
will manage these instances that host applications, databases, and
internal services, ensuring availability, performance, patching, and
security hardening.
○ Maintain and support Amazon S3 Data Storage. Amazon Simple Storage Service
(S3) provides secure, durable, and scalable object storage for data, backups,
digital assets, and archival materials. The Consultant will manage data lifecycle
policies, encryption, access controls, and backup strategies.
○ Maintain and support AWS Lambda. Manage serverless functions that automate
processes and support application workflows.
○ Maintain and support Amazon CloudFront. Oversee content delivery and caching
services that improve performance, availability, and security of public-facing web
assets.
○ Domain and DNS Management. Manage domain registration, DNS
configurations, SSL/TLS certificates, and routing policies using AWS Route 53
and related services.
● Planning and Architecture
○ Lead cloud strategy, roadmap development, and architectural design.
○ Ensure scalability, resiliency, and disaster recovery planning.
○ Provide guidance on modernization, migration, and optimization
initiatives.
● Operations and Maintenance
○ Perform routine system health checks, patching, and updates.
○ Monitor performance, availability, and security events.
○ Respond to incidents and coordinate remediation activities.
● Stakeholder and Vendor Coordination
○ Serve as the technical liaison between Museum leadership, IT staff,
program stakeholders, and external vendors.
○ Coordinate with third-party service providers and federal partners as
needed.
○ Provide clear communication, documentation, and reporting.
● Security, Compliance, and Risk Management (working with the CISO and CIO)
○ Implement and manage Multi-Factor Authentication (MFA) for all
privileged and user access.
○ Ensure adherence to cybersecurity frameworks and federal compliance
requirements, including:
■ NIST (National Institute of Standards and Technology)
Cybersecurity Framework and NIST SP 800-53 controls.
■ FISMA (Federal Information Security Modernization Act)
requirements.
■ FedRAMP compliance, in accordance with Museum direction and
system authorization levels.
○ Address issues identified by the posture management tools around
compliance and risk.
○ Support security assessments, audits, and Authority to Operate (ATO)
processes.
○ Maintain documentation for security controls, system configurations, and
compliance evidence.
Deliverables
The Consultant shall provide the following deliverables:
● AWS governance and account management documentation.
● Cloud architecture diagrams and system inventories.
● Security and compliance documentation aligned with NIST, FISMA, and FedRAMP.
● Operational runbooks and disaster recovery plans.
● Monthly status reports detailing activities, risks, incidents, and recommendations.
● Monthly operational and cost reports.
● Incident and root cause analysis reports.
● Recommendations for optimization and modernization.
Performance Standards
The Consultant’s performance will be evaluated based on:
● System availability and reliability.
● Compliance with security and federal regulatory requirements.
● Responsiveness to incidents and stakeholder needs.
● Quality and timeliness of documentation and reporting.
● Effectiveness in cost management and optimization.
Required Qualifications and Certifications
The AWS Consultant must possess the following certifications (current and in good standing):
● AWS Certified Solutions Architect – Professional
● AWS Certified DevOps Engineer – Professional
● AWS Certified Security – Specialty
● AWS Certified Advanced Networking – Specialty (preferred)
● Certified Information Systems Security Professional (CISSP) or equivalent (preferred)
● Certified Information Security Manager (CISM) or equivalent (preferred)
In addition, the Consultant should demonstrate:
● Proven experience supporting federal or federal-adjacent cloud environments.
● Hands-on experience with NIST, FISMA, and FedRAMP compliance.
● Strong knowledge of identity management, MFA implementation, and zero-trust
principles.