Position Title: Amazon Web Services (AWS) Consultant - Cloud Security Architect
Location: Washington, DC (Regular On-Site Presence Required)
1. Position Purpose & Core Objective
The Senior AWS Consultant will serve as PM America’s primary, dedicated on-site technical expert and main point of contact for all cloud-related infrastructure, engineering, and cybersecurity activities at the Customer's site. This critical role provides comprehensive strategic, operational, and technical support to ensure the Museum’s cloud environment remains secure, resilient, optimized, and in absolute compliance with federal mandates. The Consultant operates as a trusted technical liaison bridging the gap between Customer's leadership, the CISO/CIO, internal IT teams, and external third-party partners.
2. Key Responsibilities & Performance Tasks
2.1 AWS Account & Cost Management
- Act as primary administrator for all client AWS accounts.
- Enforce account-level controls, IAM policies, and Zero-Trust structures.
- Manage billing, resource allocation, and continuous cost optimization.
- Oversee configuration, patching, performance, and hardening of EC2 virtual servers.
- Administer S3 object storage, encryption keys, and lifecycle backup policies.
- Manage automated serverless workflows using AWS Lambda.
- Administer Route 53 DNS records, routing policies, and SSL/TLS certificates.
- Lead overarching cloud strategy, roadmaps, and modernization blueprints.
- Design scalable, highly available architectures with disaster recovery (DR) plans.
- Run system health checks, monitor security events, and lead incident response.
- Work closely with CISO and CIO to maintain ATO compliance frameworks.
- Align systems with NIST SP 800-53, FISMA, and FedRAMP controls.
- Remediate risk issues caught by cloud posture management tools.
- Act as core liaison between IT staff, vendors, and federal stakeholders.
3. Required Professional Qualifications & Certifications
To meet the mandatory criteria defined in the government's SOW, the candidate must possess and maintain the following industry credentials in active status:
3.1 Mandatory AWS Certifications
- AWS Certified Solutions Architect – Professional
- AWS Certified Security – Specialty
3.2 Highly Preferred & Advantageous Credentials
- AWS Certified Advanced Networking – Specialty
- Certified Information Systems Security Professional (CISSP) or equivalent
- Certified Information Security Manager (CISM) or equivalent
3.3 Core Experience Demands
- Federal Track Record: Proven hands‑on experience deploying, migrating, or managing cloud infrastructure within federal or federal‑adjacent agency enclaves.
- Compliance Expertise: Demonstrated experience navigating NIST Cybersecurity Frameworks, managing FISMA system authorizations, and maintaining FedRAMP‑compliant environments.
- Security Mechanics: Practical mastery of identity management, strict multi‑factor authentication (MFA) rollouts for privileged accounts, and zero‑trust perimeter logic.
4. Contractual Deliverables Owned by this Role
- Security Controls (NIST/FISMA/FedRAMP Compliance Evidence)
- Operational Runbooks & Tested Disaster Recovery Plans
- Monthly Status Reports (Risks, Incidents, Adjustments)
- Monthly Operational & Cost‑Optimization Metrics
- Root Cause and Incident Analysis Documentation
5. Performance Evaluation Standards
- System Metrics: Uptime, availability, and structural reliability of all assigned AWS‑hosted infrastructure assets.
- Audit Success: The zero‑defect state of cloud security settings and successful passing of federal compliance reviews, security assessments, and ATO cycles.
- Operational Agility: Timeliness, speed, and accuracy of incident resolution, delivery of monthly reports, and responsiveness to Customer's stakeholder queries.
- Fiscal Health: Measurable efficacy in tracking usage trends, removing wasteful spend, and keeping cloud resource deployment within the target budget metrics.