Job Description
Name AWS Cloud Architect - Manager Request OA--- Agency, State Office of Administration (OA), MO Location Jefferson City, MO Contract Duration // – // SOW The State seeks an experienced AWS Cloud Architect/Manager to establish the Cloud Architecture practice for the State of Missouri and lead the existing team in developing the cloud platform.
Responsibilities include cloud solution design, DevOps architecture, mentoring, and alignment with security frameworks (NIST, FedRAMP, HIPAA, etc.).
The SOW Vendor shall include the following team members/resource(s) to administer and perform the contract requirements:
Working Team:
+ years experience of Cloud experience in AWS, Cloud Framework and Cloud pattern architecture, standard cloud platforms such as Aurora, Elastic Beanstalk, PaaS, IaaS, Cloud Database technologies, Ansible, Kubernetes.
Ability to debate technologies and clearly state design flaws or preferred technologies is a must.
Possess skills to architect in a dev-ops environment as well as operations side.
Previous experience mentoring and managing an existing cloud team.
Experience with AWS, Azure and GCP.
Experience with AWS Security Hub, Azure Security Center, GCP Security Command Center.
Strong knowledge of SIEM solutions and cloud-native security tools.
Familiarity with compliance frameworks (NIST, CIS, FedRAMP, PCI-DSS, HIPAA).
Proficiency in scripting and automation
Hands-on experience with Infrastructure as Code (IaC) and policy-as-code tools.
Certifications such as AWS Certified Security, Azure Security Engineer Associate, Google Professional Cloud Security Engineer, CISSP, or CCSP are a plus
Preferred qualifications include experience and working knowledge of State of Missouri IT systems which encompasses security, cloud services, infrastructure management on multi-platform environments and management of large scale development and maintenance and operations projects.
Submittal Requirement ∙ Completed and signed SOW Word document
∙ Deliverable Payment Milestones table
∙ Contracting Resource(s) Price Calculations table
∙ SOW Response (PDF): overview, approach, resumes, Exhibits A–D ∙ ≤ pages (excluding resumes), pt+ font, no embedded links/files/videos Evaluation Criteria Cost – points
Technical Proposal – points:
Approach & Methodology – pts
Personnel Qualifications & Biographies – pts
Company History & Experience – pts
Bonus Points: MBE/WBE – , Blind/Sheltered – , SDV – References Two () case studies with contact info required in Exhibit C Resumes required?
Yes – for all proposed resource(s) Rate card required No – firm-fixed pricing per deliverable; Contracting Resource(s) Price Calculations table is used for internal reference only Any specific requirement ∙ All services must be provided by resources
∙ No offshore work
∙ Compliance with OA/ITSD security, confidentiality, and training ∙ No out-of-state travel required Hardcopy/Email/portal submission Email Link Submit via email to
Attachment -
Scope, Requirements, Deliverables and Invoicing General Requirements Testing timeline must not be compressed once the work plan has been approved.
All services must be provided in the United States.
Offshore services shall not be used to perform the services outlined herein.
Vendor resource(s) may be exchanged under the SOW without modifications of the SOW upon agreement of the SOW Vendor and the State.
The State reserves the right to review resumes and accept/reject proposed resource(s).
Security & Confidentiality – All materials (including code, tools, documentation and data) provided pursuant to the SOW shall be deemed confidential.
Vendor resource(s) must comply with agency and ITSD security policies, agency and ITSD required trainings, and/or required security specifications that describe: (i) required security capabilities, (ii) required design and development processes, (iii) required test and evaluation procedures, and (iv) required documentation.
Usage of any recording devices or Generative AI recording is prohibited in any meetings associated with the project and/or this Statement of Work (SOW).
The SOW Vendor resource(s) must report to the ITSD Project or Resource Manager or designee, who will provide resource(s) with sufficient knowledge to perform the work.
Vendor resource(s) are expected to conduct themselves in a professional manner and dress in a professional manner.
The SOW Vendor must provide resumes for all of the SOW Vendor's resource(s) being assigned to the project for the review and acceptance by the State.
The SOW Vendor's resource(s) assigned to the project are subject to the approval or rejection by the State.
If there would be a need to replace the resource(s) by the SOW Vendor, any subsequent proposed resource(s) may be interviewed by the State prior to acceptance.
The Vendor's resource(s) schedule and location for on-site or off-site work must be agreed upon by the SOW Vendor's Project Manager, ITSD Project/Resource Manager and the Customer Product Owner.
No out-of-state travel is required on the part of the State or the SOW Vendor resource(s) for completion of this project.
The SOW Vendor must meet or exceed the following minimum experience requirements at the time of the SOW response submission and for the duration of the SOW: Experience with AWS, Azure and GCP.
Previous experience with state government Cloud environment is preferred.
Vendor Resource(s) Experience Requirements The SOW Vendor shall include the following team members/resource(s) to administer and perform the contract requirements: Working Team: + years experience of Cloud experience in AWS, Cloud Framework and Cloud pattern architecture, standard cloud platforms such as Aurora, Elastic Beanstalk, PaaS, IaaS, Cloud Database technologies, Ansible, Kubernetes.
Ability to debate technologies and clearly state design flaws or preferred technologies is a must.
Possess skills to architect in a dev-ops environment as well as operations side.
Previous experience mentoring and managing an existing cloud team.
Experience with AWS, Azure and GCP.
Experience with AWS Security Hub, Azure Security Center, GCP Security Command Center.
Strong knowledge of SIEM solutions and cloud-native security tools.
Familiarity with compliance frameworks (NIST, CIS, FedRAMP, PCI-DSS, HIPAA).
Proficiency in scripting and automation Hands-on experience with Infrastructure as Code (IaC) and policy-as-code tools.
Certifications such as AWS Certified Security, Azure Security Engineer Associate, Google Professional Cloud Security Engineer, CISSP, or CCSP are a plus Preferred qualifications include experience and working knowledge of State of Missouri IT systems which encompasses security, cloud services, infrastructure management on multi-platform environments and management of large scale development and maintenance and operations projects.
Performance Requirements Design and implement infrastructure aligned with organizational security, performance, and cost optimization goals.
Build and configure resources using best practices and Infrastructure as Code (IaC) methodologies where appropriate.
Support agencies in cloud adoption and migration by providing both architectural planning and hands-on setup of environments.
Develop and maintain technical documentation including design diagrams, runbooks, and configuration standards.
Collaborate with security, networking, database, and application teams to ensure cross-functional alignment and integration.
Provide guidance on native tools, resource policies, role-based access control (RBAC), tagging strategies, and logging/monitoring configurations.
Troubleshoot and resolve technical issues related to environments, escalating complex challenges as needed.
Ensure all work aligns with enterprise governance and compliance standards, including NIST - and applicable data privacy regulations.
Deliverables LIST OF DELIVERABLES
(Requirements and Criteria that must be met) DELIVERABLE APPROVAL ACCEPTANCE
(Describe approval acceptance conditions that must be met) Monthly Status Report of work done during the month to include weekly status reports.
Project Deliverable Acceptance Form approved by the Director of Cloud Security and Strategy or designee Reporting Requirements The SOW Vendor must provide weekly status reporting on the services being provided to the State of Missouri using the ITSD Status Report template.
The SOW Vendor shall provide overall project percent complete, items for management attention, action items, project decisions made, risks, out of scope work identified, and track change request items.
Current percent complete must be reported for all deliverables and payment milestones.
A weekly status report will be submitted to the project lead or designated contact.
The report should include: Summary of Work Completed: Overview of both architectural guidance and engineering tasks performed (, environment builds, policy implementation, IaC deployment).
Project Updates: Status of any initiatives supported, including milestones met, blockers, or shifts in scope.
Deliverables Produced: Documentation, diagrams, configurations, or scripts developed that week.
Risks/Issues: Noted technical risks, gaps in standards or configurations, or support needs.
Next Week's Priorities: Planned work items or areas of focus for the following week.
The ITSD Project Deliverable Acceptance Form (PDAF) must be used for deliverable acceptance.
Items may require a deliverable review meeting wherein the SOW Vendor walks through the deliverable with the ITSD and agency staff, followed by revisions as required, and finally, with a request for approval and associated payment per the SOW.
Technical Environment Requirements Depending upon the agency preference, either State owned Microsoft ADO or JIRA shall be used to record, track and resolve issues, bugs and defects.
The SOW Vendor must have all necessary licenses to provide IT services in conjunction with the award of this SOW.
SOW Vendor shall purchase/supply and maintain the required licenses (per developer) for all development tools for the duration of the project, unless specifically indicated by the SOW.
State's Obligations The State, ITSD, will establish an Active Directory or Alt account for each vendor and VDI-RDP (or other) to access resources as necessary.
The State, ITSD, will provide a laptop or other computer devices as necessary.
The State, ITSD, will provide a physical location for vendor as necessary.
The State will make every effort to have the appropriate State staff available to the Vendor personnel on a timely basis.
The State will make every effort to make necessary project and system documentation available on a timely basis.
The State will perform timely review and approval of deliverables.
State Data State Data Location: All data associated with the solution/service shall only be hosted and stored within the United States.
Ownership: The State's electronic data or information submitted by the state or its authorized users with authorized access to the solution/service shall be considered State Data” for ownership purposes of the contract, as the State serves as either the owner or curator of the data submitted in the solution/service.
State Data” shall include: (a) the State's data collected, used, processed, stored, or generated as the result of the Services; (b) personally identifiable information ( PII”) collected, used, processed, stored, or generated as the result of the services, including, without limitation, any information that identifies an individual, such as an individual's social security number or other government-issued identification number, date of birth, address, telephone number, biometric data, mother's maiden name, email address, credit card information, or an individual's name in combination with any other of the elements listed herein; and (c) protected health information ( PHI”) as that term is defined under the Privacy Rule, Code of Federal Regulations (CFR) § State data is and shall remain the sole and exclusive property of the State and all right, title, and interest in the same is reserved by the State.
State Data” stored in the software and services being provided as a result of the contract shall also be known and treated by the SOW Vendor as confidential information in accordance with the contract, applicable SOW Vendor's documentation, and applicable law.
SOW Vendor Use of State Data: The SOW Vendor shall: (a) keep and maintain state data in strict confidence, using such degree of care as is appropriate and consistent with its obligations as further described in the contract and applicable law to avoid unauthorized access, use, disclosure, or loss; (b) use and disclose state data solely and exclusively for the purpose of providing the services, such use and disclosure being in accordance with the contract, any applicable Statement of Work, and applicable law; (c) not use, sell, rent, transfer, distribute, or otherwise disclose or make available state data for SOW Vendor's own purposes or for the benefit of anyone other than the State without the State's prior written consent; and, (d) not provide state data to any third party without the express written permission of the state.
the purpose of providing the services” as referenced above includes the right of the SOW Vendor to use state data to prevent or address service or technical problems, and verify service improvements, in accordance with the contract and the solution's documentation, or in accordance with the State's instructions.
Incremental Extraction of State Data: The SOW Vendor shall provide the State with the ability to conduct an incremental extraction of the State's data ( new and changed data) from the solution on a nightly basis to update the data available in the State Data Warehouse.
The incremental extraction of state data must be available without additional charges, conditions, or contingencies regarding the state's right to extract the data beyond the terms outlined in the SOW Vendor's cloud services agreement, and in the format mutually agreed to by the parties.
The incremental data extractions will allow the State to maintain an updated copy of the State's data for the duration of the contract.
End of Contract Extraction of State Data: At the end of the contract, the State shall have the right to extract its data from the solution for an additional sixty () calendar days from the date of contract expiration.
The end of contract extraction of state data must be at no additional cost, conditions, or contingencies regarding the state's right to extract the data notwithstanding the terms outlined in the SOW Vendor's services agreement, and in the format that was mutually agreed to by the parties.
If a term greater than calendar days is required by the State to complete the state data extraction, the SOW Vendor agrees to work with the State to define the additional term and fees for the additional time.
Extraction of State Data Process Validation: The SOW Vendor must allow the State to perform routine validation of the extraction of the State's data.
The routine validation occurs to ensure the State's data will accurately transfer as prescribed to the State's designated extraction location and accommodates the volume of data transferred.
The SOW Vendor shall assist the State by providing documentation and tools to allow the state to accurately process the extractions of the State's data for the State's continued use.
Backup and Recovery of State Data: Unless otherwise described in the contract, as a part of the services, the SOW Vendor shall maintain a backup of state data and perform an orderly and timely recovery of such data in the event that the production services may be interrupted in accordance with the disaster recovery and business continuity plans.
Return of State-owned Data: The SOW Vendor shall return state-owned data to the State of Missouri in a format mutually agreed to by the State and SOW Vendor and with a key or crosswalk to the information, where applicable, at no additional cost to the State.
The State shall have the right to test the data extract provided by the SOW Vendor at a frequency determined by the State.
Invoicing and Payment Requirements Statement of Work Invoicing: The SOW Vendor shall follow the outlined PDAF process listed in attachments for deliverable acceptance, then upon deliverable approval, will submit their invoice to the ITSD Project or Resource Manager and Administrative Assistant.
All travel-related expenses must be included within the firm, fixed deliverable price.
Payment Holdback Firm, fixed priced per deliverable to fulfill the SOW project, which shall include a % holdback per deliverable for any project for which the total firm, fixed price for all deliverables is $, or greater.
Unless otherwise authorized by the Division of Purchasing, projects with a total firm, fixed price of $, or greater for all deliverables shall have ten percent (%) holdback of each deliverable held back by the agency, which shall be paid to the SOW Vendor upon final acceptance by the state agency of the entire SOW project completion including warranty and receipt by the state agency of an accurate invoice for the final deliverable.
The SOW Vendor shall understand and agree that the payment holdback provisions described herein shall not be construed as a penalty.
The SOW Vendor shall understand and agree forfeiture of Payment Holdback shall result when: The SOW Vendor fails to fulfill the mandatory requirements of the SOW resulting in a deliverable being considered non-compliant with the SOW requirements and the SOW Vendor fails to correct and resolve the issue within ten () business days or other timeframe as agreed to in writing by the State; or The SOW Vendor fails to provide the state agency with an accurate invoice for all successfully completed and accepted deliverables for the SOW project within forty-five () days after State acceptance of the deliverables and completion of warranty period.
The SOW Vendor shall understand and agree return of Payment Holdback shall result: If the SOW project is canceled by the State due to reasons not attributable to the fault of the SOW Vendor prior to completion of the project, all payment holdback amounts retained by the State for completed and accepted SOW deliverables for that particular SOW project shall be paid to the SOW Vendor; or If the SOW project is completed and accepted by the State and the SOW Vendor has invoiced for the project in accordance with the provisions and requirements of the contract.
END OF SCOPE, REQUIREMENTS, DELIVERABLES AND INVOICING SECTION