AWS Consultant

The Consultant shall serve as the main point of contact for all AWS activities, including but not limited to:

● AWS Account Management

○ Act as the primary administrator for all AWS accounts.

○ Manage billing, cost optimization, usage monitoring, and resource allocation.

○ Implement account-level security controls, including Identity and Access Management (IAM) policies and Multi-Factor Authentication (MFA).

________________________________________

● Infrastructure Management

○ Maintain and support Amazon EC2 Instances. Amazon Elastic Compute Cloud (EC2) provides scalable virtual servers in the cloud. The Consultant will manage these instances that host applications, databases, and internal services, ensuring availability, performance, patching, and security hardening.

________________________________________

● Maintain and support Amazon S3 Data Storage.

Amazon Simple Storage Service (S3) provides secure, durable, and scalable object storage for data, backups, digital assets, and archival materials. The Consultant will manage data lifecycle policies, encryption, access controls, and backup strategies.

________________________________________

● Maintain and support AWS Lambda.

Manage serverless functions that automate processes and support application workflows.

________________________________________

● Maintain and support Amazon CloudFront.

Oversee content delivery and caching services that improve performance, availability, and security of public-facing web assets.

________________________________________

● Domain and DNS Management.

Manage domain registration, DNS configurations, SSL/TLS certificates, and routing policies using AWS Route 53 and related services.

________________________________________

● Planning and Architecture

○ Lead cloud strategy, roadmap development, and architectural design.

○ Ensure scalability, resiliency, and disaster recovery planning.

○ Provide guidance on modernization, migration, and optimization initiatives.

________________________________________

● Operations and Maintenance

○ Perform routine system health checks, patching, and updates.

○ Monitor performance, availability, and security events.

○ Respond to incidents and coordinate remediation activities.

________________________________________

● Stakeholder and Vendor Coordination

○ Serve as the technical liaison between Museum leadership, IT staff, program stakeholders, and external vendors.

○ Coordinate with third-party service providers and federal partners as needed.

○ Provide clear communication, documentation, and reporting.

________________________________________

● Security, Compliance, and Risk Management working with the CISO and CIO

○ Implement and manage Multi-Factor Authentication (MFA) for all privileged and user access.

○ Ensure adherence to cybersecurity frameworks and federal compliance requirements, including:

■ NIST (National Institute of Standards and Technology) Cybersecurity Framework and NIST SP 800-53 controls.

■ FISMA (Federal Information Security Modernization Act) requirements.

■ FedRAMP compliance, in accordance with Museum direction and system authorization levels.

● Address Issues as identified by the Posture management tools around compliance and risk.

● Support security assessments, audits, and Authority to Operate (ATO) processes.

● Maintain documentation for security controls, system configurations, and compliance evidence.

________________________________________

Deliverables

The Consultant shall provide the following deliverables:

● AWS governance and account management documentation.

● Cloud architecture diagrams and system inventories.

● Security and compliance documentation aligned with NIST, FISMA, and FedRAMP.

● Operational runbooks and disaster recovery plans.

● Monthly status reports detailing activities, risks, incidents, and recommendations.

● Monthly operational and cost reports

● Incident and root cause analysis reports

● Recommendations for optimization and modernization

________________________________________

Required Qualifications and Certifications

The AWS Consultant must possess the following certifications (current and in good standing):

● AWS Certified Solutions Architect – Professional

● AWS Certified DevOps Engineer – Professional

● AWS Certified Security – Specialty

● AWS Certified Advanced Networking – Specialty (preferred)

● Certified Information Systems Security Professional (CISSP) or equivalent (preferred)

● Certified Information Security Manager (CISM) or equivalent (preferred)