Key Architectural Elements:

• Globus SaaS control plane with user authentication via Entra ID (restricted to allowed identity providers: mayo.edu, globus.org, approved external institutions)
• Two internally hosted Compute Engine VMs running Globus Connect Server (GCS) v5 in the Google Cloud Platform Data DMZ
• Google Cloud Platform ingress and egress S3 storage buckets with a defined 30-day data lifecycle/retention rule
• GridFTP parallel transfer protocol across HTTPS 443 and TCP ports 50000–51000 for high-performance data movement
• Globus Storage Gateways (Google S3 connectors) linking collections to Google Cloud Platform bucket storage
• Data movement performed by Globus-managed service accounts — no direct user access to underlying buckets
• User provisioning managed via Sailpoint
• Flat-fee licensing model for unlimited data transfer and unlimited endpoints (cloud and on-premises)

3. Scope of Work / Key Responsibilities

Platform Configuration & Deployment Completion

• Complete final configuration and hardening of the Globus Connect Server (GCS v5) deployment on Google Cloud Platform Compute Engine VMs within the Data DMZ
• Configure and validate Globus Storage Gateways and S3 Storage Connectors for ingress and egress Google Cloud Platform buckets
• Configure Globus collections (Managed and Guest) aligned with Mayo''s data access policies and identity provider restrictions
• Validate end-to-end data transfer workflows including ingress, egress, and staging collection transfers across the Service Connector (SC) boundary into the MCC VPC
• Configure DNS, authentication flows (OAuth/OpenID Connect via Entra ID), and endpoint registration within Globus.org

User Onboarding & Research Customer Support

• Onboard initial research user groups to the Globus platform, providing hands-on support for first transfers
• Develop and document standardized user onboarding procedures, including Sailpoint provisioning workflows and Globus Web App access
• Provide Tier 1/2 operational support for Globus users — troubleshooting transfer failures, stalled transfers, permission issues, connectivity problems, and performance optimization
• Coordinate with Globus vendor support (University of Chicago) for escalated issues using the established Globus support process

Infrastructure Maintenance & Operations

• Monitor and maintain Globus Connect Server VM health, GCS services, and Google Cloud Platform bucket lifecycle policies
• Manage Globus endpoint configurations including storage gateways, identity provider settings, path restrictions, and access policies
• Perform ongoing performance tuning — optimizing GridFTP concurrency, parallelism, data channel configurations, and transfer parameters for high-throughput workloads
• Monitor transfer activity, usage patterns, and audit logs for operational and compliance reporting
• Manage GCS software updates, patches, and version upgrades
• Support disaster recovery planning and testing for the Globus platform

Security & Compliance

• Implement and enforce security controls aligned with Mayo Clinic ISA, BAA, and NIST frameworks
• Manage identity provider configurations and access controls (RBAC) within the Globus platform
• Ensure data governance policies are enforced — including collection-level permissions, path restrictions, and transfer audit logging
• Support TPRM and Risk/OIS requirements as they relate to Globus operations

Knowledge Transfer & Documentation

• Produce comprehensive technical documentation: runbooks, SOPs, architecture diagrams, troubleshooting guides, and operational playbooks
• Participate in the Globus Orientation Session led by Pete Eby from the Architecture team and help translate session content into operational procedures
• Transfer knowledge to Mayo Clinic Enterprise Interfaces staff to enable long-term self-sufficiency
• Document lessons learned from initial user onboarding and operational support activities

Collaboration & Governance

• Navigate Mayo Clinic governance, change management, and approval processes for platform changes
• Collaborate with the Architecture team, Storage/Infrastructure team, and Research stakeholders
• Coordinate with ADO repo owners for configuration and state management
• Provide input into long-term MFT operations planning and AI-operations integration

4. Required Technical Skills

Globus Platform Expertise (Critical)

• 3+ years hands-on experience with the Globus platform, including Globus Connect Server v5 deployment, configuration, and administration
• Deep understanding of the Globus ecosystem: endpoints, collections (managed and guest), storage gateways, storage connectors (S3, POSIX), and the Globus Web App
• Experience with GridFTP protocol — concurrency, parallelism, data channel tuning, and performance optimization for large-scale transfers
• Familiarity with Globus Auth — OAuth 2.0 / OpenID Connect integration, federated identity management, and identity provider configuration
• Experience with Globus Flows for workflow automation and scheduled/recurring transfer operations
• Experience with Globus CLI and Globus Python SDK for scripting and automation
• Familiarity with Globus vendor support engagement processes

Google Cloud Platform (Google Cloud Platform)

• Hands-on experience with Google Cloud Platform Compute Engine (VM provisioning, management, and maintenance)
• Experience with Google Cloud Platform Cloud Storage (S3-compatible buckets, lifecycle policies, IAM, service accounts)
• Understanding of Google Cloud Platform networking — VPCs, firewall rules, DNS, ingress/egress controls, and DMZ architecture
• Experience with Google Cloud Platform IAM, service accounts, and RBAC

Linux Systems Administration

• Strong Linux administration skills (the Globus Connect Server runs on Linux VMs)
• Proficiency with shell scripting (Bash), system monitoring, log analysis, and troubleshooting
• Experience with package management, service configuration, and security hardening on Linux

Networking & Security

• Understanding of network protocols: TCP/IP, HTTPS, GridFTP, DNS
• Experience configuring firewall rules for high-port-range protocols (TCP 50000–51000)
• Familiarity with Zero-Trust security principles and DMZ architecture patterns
• Understanding of HIPAA compliance as it applies to data transfer and PHI handling in healthcare environments

Data Transfer & MFT Concepts

• Broad understanding of Managed File Transfer principles — secure transfer protocols, audit logging, compliance, and data governance
• Experience supporting large-scale data transfers (terabyte- to petabyte-scale) in research, academic, or healthcare environments
• Familiarity with other MFT tools (Signiant, Cleo, or similar) is a plus

5. Preferred / Nice-to-Have Skills

• Experience deploying Globus in a healthcare or regulated environment (HIPAA, NIST)
• Familiarity with Azure DevOps (ADO) for config/state management and CI/CD pipelines
• Experience with Terraform / Infrastructure as Code for Google Cloud Platform resource provisioning
• Knowledge of Sailpoint or similar identity governance platforms for user provisioning
• Experience with Entra ID (Azure AD) federation and SSO integration
• Familiarity with High-Performance Computing (HPC) environments and research data workflows
• Experience with monitoring/observability tools (Prometheus, Grafana, Google Cloud Platform Cloud Monitoring)
• Understanding of Box.com integration patterns (Globus + Box complementary architecture)