MFT Platform Engineer Globus Implementation, Configuration & Operations || Remote

MFT Platform Engineer Globus Implementation, Configuration & Operations

Location: Across USA any Location (Only FTE Position)

1. Engagement Overview

Mayo Clinic has selected Globus as a strategic Managed File Transfer (MFT) platform to address critical gaps in secure, large-scale research data movement. The Globus platform is currently being installed in the Google Cloud Platform Cloud Data DMZ and is nearing completion of initial implementation. The Enterprise Interfaces team within the Enterprise Data organization has been designated as the operational home for Globus, alongside existing MFT solutions (Signiant and Cleo).

The contractor will embed within the Enterprise Interfaces team and serve as the primary technical resource for completing Globus operationalization, onboarding initial research customers, establishing operational support processes, and building the team's institutional knowledge of the Globus ecosystem. This engagement is designed to bridge an immediate capacity gap while the organization plans for long-term staffing through Phase 2 positions.

2. Project Context

This engagement directly supports enterprise priorities including:

Research Enablement Enabling secure, compliant, high-throughput transfer of large research datasets (terabyte- to petabyte-scale) for Principal Investigator onboarding/offboarding, grant collaborations, and secure data downloads from approved external sites.

MFT Consolidation Integrating Globus into the existing MFT portfolio alongside Signiant and Cleo, with a long-term vision toward consolidated MFT operations with an AI-operations-centric approach.

Security & Compliance Ensuring alignment with Mayo Clinic ISA, BAA, TPRM, and NIST security framework requirements.

Key Architectural Elements:

Globus SaaS control plane with user authentication via Entra ID (restricted to allowed identity providers: , , approved external institutions)

Two internally hosted Compute Engine VMs running Globus Connect Server (GCS) v5 in the Google Cloud Platform Data DMZ

Google Cloud Platform ingress and egress S3 storage buckets with a defined 30-day data lifecycle/retention rule

GridFTP parallel transfer protocol across HTTPS 443 and TCP ports 50000 51000 for high-performance data movement

Globus Storage Gateways (Google S3 connectors) linking collections to Google Cloud Platform bucket storage

Data movement performed by Globus-managed service accounts no direct user access to underlying buckets

User provisioning managed via Sailpoint

Flat-fee licensing model for unlimited data transfer and unlimited endpoints (cloud and on-premises)

3. Scope of Work / Key Responsibilities

The contractor will be responsible for, but not limited to, the following:

Platform Configuration & Deployment Completion

Complete final configuration and hardening of the Globus Connect Server (GCS v5) deployment on Google Cloud Platform Compute Engine VMs within the Data DMZ

Configure and validate Globus Storage Gateways and S3 Storage Connectors for ingress and egress Google Cloud Platform buckets

Configure Globus collections (Managed and Guest) aligned with Mayo's data access policies and identity provider restrictions

Validate end-to-end data transfer workflows including ingress, egress, and staging collection transfers across the Service Connector (SC) boundary into the MCC VPC

Configure DNS, authentication flows (OAuth/OpenID Connect via Entra ID), and endpoint registration within Globus.org

User Onboarding & Research Customer Support

Onboard initial research user groups to the Globus platform, providing hands-on support for first transfers

Develop and document standardized user onboarding procedures, including Sailpoint provisioning workflows and Globus Web App access

Provide Tier 1/2 operational support for Globus users troubleshooting transfer failures, stalled transfers, permission issues, connectivity problems, and performance optimization

Coordinate with Globus vendor support (University of Chicago) for escalated issues using the established Globus support process

Infrastructure Maintenance & Operations

Monitor and maintain Globus Connect Server VM health, GCS services, and Google Cloud Platform bucket lifecycle policies

Manage Globus endpoint configurations including storage gateways, identity provider settings, path restrictions, and access policies

Perform ongoing performance tuning optimizing GridFTP concurrency, parallelism, data channel configurations, and transfer parameters for high-throughput workloads

Monitor transfer activity, usage patterns, and audit logs for operational and compliance reporting

Manage GCS software updates, patches, and version upgrades

Support disaster recovery planning and testing for the Globus platform

Security & Compliance

Implement and enforce security controls aligned with Mayo Clinic ISA, BAA, and NIST frameworks

Manage identity provider configurations and access controls (RBAC) within the Globus platform

Ensure data governance policies are enforced including collection-level permissions, path restrictions, and transfer audit logging

Support TPRM and Risk/OIS requirements as they relate to Globus operations

Knowledge Transfer & Documentation

Produce comprehensive technical documentation: runbooks, SOPs, architecture diagrams, troubleshooting guides, and operational playbooks

Participate in the Globus Orientation Session led by Pete Eby from the Architecture team and help translate session content into operational procedures

Transfer knowledge to Mayo Clinic Enterprise Interfaces staff to enable long-term self-sufficiency

Document lessons learned from initial user onboarding and operational support activities

Collaboration & Governance

Navigate Mayo Clinic governance, change management, and approval processes for platform changes

Collaborate with the Architecture team, Storage/Infrastructure team, and Research stakeholders

Coordinate with ADO repo owners for configuration and state management

Provide input into long-term MFT operations planning and AI-operations integration

4. Required Technical Skills

Globus Platform Expertise (Critical)
3+ years hands-on experience with the Globus platform, including Globus Connect Server v5 deployment, configuration, and administration

Deep understanding of the Globus ecosystem: endpoints, collections (managed and guest), storage gateways, storage connectors (S3, POSIX), and the Globus Web App

Experience with GridFTP protocol concurrency, parallelism, data channel tuning, and performance optimization for large-scale transfers

Familiarity with Globus Auth OAuth 2.0 / OpenID Connect integration, federated identity management, and identity provider configuration

Experience with Globus Flows for workflow automation and scheduled/recurring transfer operations

Experience with Globus CLI and Globus Python SDK for scripting and automation

Familiarity with Globus vendor support engagement processes

Google Cloud Platform (Google Cloud Platform)

Hands-on experience with Google Cloud Platform Compute Engine (VM provisioning, management, and maintenance)

Experience with Google Cloud Platform Cloud Storage (S3-compatible buckets, lifecycle policies, IAM, service accounts)

Understanding of Google Cloud Platform networking VPCs, firewall rules, DNS, ingress/egress controls, and DMZ architecture

Experience with Google Cloud Platform IAM, service accounts, and RBAC

Linux Systems Administration

Strong Linux administration skills (the Globus Connect Server runs on Linux VMs)

Proficiency with shell scripting (Bash), system monitoring, log analysis, and troubleshooting

Experience with package management, service configuration, and security hardening on Linux

Networking & Security

Understanding of network protocols: TCP/IP, HTTPS, GridFTP, DNS

Experience configuring firewall rules for high-port-range protocols (TCP 50000 51000)

Familiarity with Zero-Trust security principles and DMZ architecture patterns

Understanding of HIPAA compliance as it applies to data transfer and PHI handling in healthcare environments

Data Transfer & MFT Concepts

Broad understanding of Managed File Transfer principles secure transfer protocols, audit logging, compliance, and data governance

Experience supporting large-scale data transfers (terabyte- to petabyte-scale) in research, academic, or healthcare environments

Familiarity with other MFT tools (Signiant, Cleo, or similar) is a plus

5. Preferred / Nice-to-Have Skills

Experience deploying Globus in a healthcare or regulated environment (HIPAA, NIST)

Familiarity with Azure DevOps (ADO) for config/state management and CI/CD pipelines

Experience with Terraform / Infrastructure as Code for Google Cloud Platform resource provisioning

Knowledge of Sailpoint or similar identity governance platforms for user provisioning

Experience with Entra ID (Azure AD) federation and SSO integration

Familiarity with High-Performance Computing (HPC) environments and research data workflows

Experience with monitoring/observability tools (Prometheus, Grafana, Google Cloud Platform Cloud Monitoring)

Understanding of Box.com integration patterns (Globus + Box complementary architecture)

6. Other Requirements
   Self-directed problem solver Identifies issues, researches solutions, and proposes fixes without waiting for detailed instructions. Globus troubleshooting often requires deep dives into different layers of the stack (application, performance, networking, user-support).

Strong communicator Able to explain complex technical concepts to both technical staff and research customers; produces clear, concise documentation.

Enables others Actively transfers knowledge to internal team members; creates operational runbooks and training materials that enable the team to assume full ownership.

Customer-oriented Comfortable working directly with research users to troubleshoot issues and guide them through data transfer workflows.

Governance-aware Navigates Mayo Clinic change management, approval processes, and security review requirements effectively.

Proactive Anticipates operational needs, identifies process improvements, and proposes solutions for long-term platform sustainability.