1. Lead the design, setup, and maintenance of an AWS cloud-based enclave across all environments, including production
2. Spearhead migration from legacy Windows-based on-premises infrastructure to the new cloud environment
3. Handle O&M tasks and coordinate with AWS Professional Services during initial setup
4. Implement Infrastructure-as-Code principles and automation to reduce errors and improve repeatability
5. Monitor and optimize cloud costs, providing recommendations for cost-reduction strategies
6. Design and maintain high-availability systems with backup and disaster recovery solutions
7. Work with ISSM staff to achieve/maintain ATO (Authorization to Operate) compliance
8. Perform core AWS activities including:
- VPC configuration and management
- EC2 and RDS instance creation and management
- AMI creation and security
- Lifecycle policy management
- Network configuration (subnets, security groups)
- Load balancer and auto-scaling setup
- User/group management
9. Occasional off-hours support for deployments and operations
1. AWS Certification: Cloud Solutions Architect - Professional
2. Recent hands-on experience (within last 2 years) with AWS VPC setup and maintenance
3. Current experience (within last 6 months) with:
- Microsoft Product Suite management
- MS SQL management
- MS Server 2012/2016/2019/2022 management
- Log aggregation systems (e.g., Splunk)
- System accreditation maintenance
4. Strong knowledge of AWS security best practices and services (IAM, Secure Tokens, CloudWatch, Cloud Monitoring)
5. Experience with security constraints for enclave accreditation in AWS
6. Expertise in Windows environments within AWS
1. Experience with the sponsor's specific environment:
- Security constraints for AWS cloud enclave accreditation
- IT infrastructure and ongoing projects
- Certification and Accreditation processes
2. Migration expertise:
- Experience transitioning on-premises solutions to VPC
- Knowledge of Windows enterprise management
3. Security expertise:
- Software vulnerability evaluation and mitigation
- Continuous security monitoring
- AWS MFA implementation
4. Windows-specific skills:
- Enterprise management (Server ISOs, AMIs, COTS updates)
- Domain forests and group policy management
- Active Directory role-based authentication
- LDAP authentication with COTS applications
- Load balancing and gateway services for remote desktop
5. Advanced troubleshooting using Event Viewer and Splunk logging
- This is a new requirement (not a re-compete or transition)
- Position is located in the WMA area
- Requires medical screening clearance due to High Risk Role designation
- Local travel may be required
- Position is structured as Firm Fixed Price-Level of Effort (FFP-LOE)
- Duration is estimated at 5 years with 1 FTE