Tech Lead

Job Summary
Role Title

MFT Platform Engineer - Globus Implementation, Configuration & Operations

Location: Across USA any Location (Only FTE Position)

1. Engagement Overview

Mayo Clinic has selected Globus as a strategic Managed File Transfer (MFT) platform to address critical gaps in secure, large-scale research data movement. The Globus platform is currently being installed in the GCP Cloud Data DMZ and is nearing completion of initial implementation. The Enterprise Interfaces team within the Enterprise Data organization has been designated as the operational home for Globus, alongside existing MFT solutions (Signiant and Cleo).

The contractor will embed within the Enterprise Interfaces team and serve as the primary technical resource for completing Globus operationalization, onboarding initial research customers, establishing operational support processes, and building the team's institutional knowledge of the Globus ecosystem. This engagement is designed to bridge an immediate capacity gap while the organization plans for long-term staffing through Phase 2 positions.

2. Project Context

This engagement directly supports enterprise priorities including:

• Research Enablement - Enabling secure, compliant, high-throughput transfer of large research datasets (terabyte- to petabyte-scale) for Principal Investigator onboarding/offboarding, grant collaborations, and secure data downloads from approved external sites.
• MFT Consolidation - Integrating Globus into the existing MFT portfolio alongside Signiant and Cleo, with a long-term vision toward consolidated MFT operations with an AI-operations-centric approach.
• Security & Compliance - Ensuring alignment with Mayo Clinic ISA, BAA, TPRM, and NIST security framework requirements.

Key Architectural Elements:

• Globus SaaS control plane with user authentication via Entra ID (restricted to allowed identity providers: mayo.edu, globus.org, approved external institutions)
• Two internally hosted Compute Engine VMs running Globus Connect Server (GCS) v5 in the GCP Data DMZ
• GCP ingress and egress S3 storage buckets with a defined 30-day data lifecycle/retention rule
• GridFTP parallel transfer protocol across HTTPS 443 and TCP ports 50000-51000 for high-performance data movement
• Globus Storage Gateways (Google S3 connectors) linking collections to GCP bucket storage
• Data movement performed by Globus-managed service accounts - no direct user access to underlying buckets
• User provisioning managed via Sailpoint
• Flat-fee licensing model for unlimited data transfer and unlimited endpoints (cloud and on-premises)

3. Scope of Work / Key Responsibilities

The contractor will be responsible for, but not limited to, the following:

Platform Configuration & Deployment Completion

• Complete final configuration and hardening of the Globus Connect Server (GCS v5) deployment on GCP Compute Engine VMs within the Data DMZ
• Configure and validate Globus Storage Gateways and S3 Storage Connectors for ingress and egress GCP buckets
• Configure Globus collections (Managed and Guest) aligned with Mayo's data access policies and identity provider restrictions
• Validate end-to-end data transfer workflows including ingress, egress, and staging collection transfers across the Service Connector (SC) boundary into the MCC VPC
• Configure DNS, authentication flows (OAuth/OpenID Connect via Entra ID), and endpoint registration within Globus.org

User Onboarding & Research Customer Support

• Onboard initial research user groups to the Globus platform, providing hands-on support for first transfers
• Develop and document standardized user onboarding procedures, including Sailpoint provisioning workflows and Globus Web App access
• Provide Tier 1/2 operational support for Globus users - troubleshooting transfer failures, stalled transfers, permission issues, connectivity problems, and performance optimization
• Coordinate with Globus vendor support (University of Chicago) for escalated issues using the established Globus support process

Infrastructure Maintenance & Operations

• Monitor and maintain Globus Connect Server VM health, GCS services, and GCP bucket lifecycle policies
• Manage Globus endpoint configurations including storage gateways, identity provider settings, path restrictions, and access policies
• Perform ongoing performance tuning - optimizing GridFTP concurrency, parallelism, data channel configurations, and transfer parameters for high-throughput workloads
• Monitor transfer activity, usage patterns, and audit logs for operational and compliance reporting
• Manage GCS software updates, patches, and version upgrades
• Support disaster recovery planning and testing for the Globus platform

Security & Compliance

• Implement and enforce security controls aligned with Mayo Clinic ISA, BAA, and NIST frameworks
• Manage identity provider configurations and access controls (RBAC) within the Globus platform
• Ensure data governance policies are enforced - including collection-level permissions, path restrictions, and transfer audit logging
• Support TPRM and Risk/OIS requirements as they relate to Globus operations

Knowledge Transfer & Documentation

• Produce comprehensive technical documentation: runbooks, SOPs, architecture diagrams, troubleshooting guides, and operational playbooks
• Participate in the Globus Orientation Session led by Pete Eby from the Architecture team and help translate session content into operational procedures
• Transfer knowledge to Mayo Clinic Enterprise Interfaces staff to enable long-term self-sufficiency
• Document lessons learned from initial user onboarding and operational support activities

Collaboration & Governance

• Navigate Mayo Clinic governance, change management, and approval processes for platform changes
• Collaborate with the Architecture team, Storage/Infrastructure team, and Research stakeholders
• Coordinate with ADO repo owners for configuration and state management
• Provide input into long-term MFT operations planning and AI-operations integration

4. Required Technical Skills

Globus Platform Expertise (Critical)

• 3+ years hands-on experience with the Globus platform, including Globus Connect Server v5 deployment, configuration, and administration
• Deep understanding of the Globus ecosystem: endpoints, collections (managed and guest), storage gateways, storage connectors (S3, POSIX), and the Globus Web App
• Experience with GridFTP protocol - concurrency, parallelism, data channel tuning, and performance optimization for large-scale transfers
• Familiarity with Globus Auth - OAuth 2.0 / OpenID Connect integration, federated identity management, and identity provider configuration
• Experience with Globus Flows for workflow automation and scheduled/recurring transfer operations
• Experience with Globus CLI and Globus Python SDK for scripting and automation
• Familiarity with Globus vendor support engagement processes

Google Cloud Platform (GCP)

• Hands-on experience with GCP Compute Engine (VM provisioning, management, and maintenance)
• Experience with GCP Cloud Storage (S3-compatible buckets, lifecycle policies, IAM, service accounts)
• Understanding of GCP networking - VPCs, firewall rules, DNS, ingress/egress controls, and DMZ architecture
• Experience with GCP IAM, service accounts, and RBAC

Linux Systems Administration

• Strong Linux administration skills (the Globus Connect Server runs on Linux VMs)
• Proficiency with shell scripting (Bash), system monitoring, log analysis, and troubleshooting
• Experience with package management, service configuration, and security hardening on Linux

Networking & Security

• Understanding of network protocols: TCP/IP, HTTPS, GridFTP, DNS
• Experience configuring firewall rules for high-port-range protocols (TCP 50000-51000)
• Familiarity with Zero-Trust security principles and DMZ architecture patterns
• Understanding of HIPAA compliance as it applies to data transfer and PHI handling in healthcare environments

Data Transfer & MFT Concepts

• Broad understanding of Managed File Transfer principles - secure transfer protocols, audit logging, compliance, and data governance
• Experience supporting large-scale data transfers (terabyte- to petabyte-scale) in research, academic, or healthcare environments
• Familiarity with other MFT tools (Signiant, Cleo, or similar) is a plus

5. Preferred / Nice-to-Have Skills

• Experience deploying Globus in a healthcare or regulated environment (HIPAA, NIST)
• Familiarity with Azure DevOps (ADO) for config/state management and CI/CD pipelines
• Experience with Terraform / Infrastructure as Code for GCP resource provisioning
• Knowledge of Sailpoint or similar identity governance platforms for user provisioning
• Experience with Entra ID (Azure AD) federation and SSO integration
• Familiarity with High-Performance Computing (HPC) environments and research data workflows
• Experience with monitoring/observability tools (Prometheus, Grafana, GCP Cloud Monitoring)
• Understanding of Box.com integration patterns (Globus + Box complementary architecture)

6. Other Requirements

• Self-directed problem solver - Identifies issues, researches solutions, and proposes fixes without waiting for detailed instructions. Globus troubleshooting often requires deep dives into different layers of the stack (application, performance, networking, user-support).
• Strong communicator - Able to explain complex technical concepts to both technical staff and research customers; produces clear, concise documentation.
• Enables others - Actively transfers knowledge to internal team members; creates operational runbooks and training materials that enable the team to assume full ownership.
• Customer-oriented - Comfortable working directly with research users to troubleshoot issues and guide them through data transfer workflows.
• Governance-aware - Navigates Mayo Clinic change management, approval processes, and security review requirements effectively.
• Proactive - Anticipates operational needs, identifies process improvements, and proposes solutions for long-term platform sustainability.

The pay range for this role is $130k - $140k per annum including any bonuses or variable pay. Tech Mahindra also offers benefits like medical, vision, dental, life, disability insurance and paid time off (including holidays, parental leave, and sick leave, as required by law). Ask our recruiters for more details on our Benefits package. The exact offer terms will depend on the skill level, educational qualifications, experience, and location of the candidate.

Tech Mahindra is an Equal Employment Opportunity employer. We promote and support a diverse workforce at all levels of the company. All qualified applicants will receive consideration for employment without regard to race, religion, color, sex, age, national origin or disability. All applicants will be evaluated solely on the basis of their ability, competence, and performance of the essential functions of their positions with or without reasonable accommodations. Reasonable accommodations also are available in the hiring process for applicants with disabilities. Candidates can request a reasonable accommodation by contacting the company ADA Coordinator at [email protected] ."