Application & Vulnerability Manager​

At MFS, you will find a culture that supports you in doing what you do best. Our employees work together to reach better outcomes, favoring the strongest idea over the strongest individual. We put people first and demonstrate care and compassion for our community and each other. Because what we do matters – to us as valued professionals and to the millions of people and institutions who rely on us to help them build more secure and prosperous futures.

THE ROLE

The primary purpose of the Application and Vulnerability Manager is to oversee the security, performance, and support of end user devices, including mobile phones, legacy applications, and new technologies. This role is pivotal in safeguarding the organization's digital assets by managing application lifecycles, mitigating vulnerabilities, and ensuring optimal functionality and security across all user devices. The manager will lead a team of IT professionals, fostering a culture of continuous improvement, innovation, and responsiveness to evolving technological and security challenges. Through strategic planning and proactive management, the Application and Vulnerability Manager will ensure that the organization's technology infrastructure supports its business objectives, maintains compliance with industry standards, and enhances the overall user experience.

WHAT YOU WILL DO

• Lead and manage a team of IT professionals, including developers, system administrators, and support staff.
• Provide mentorship, training, and development opportunities for team members.
• Foster a collaborative and innovative work environment.
• Oversee the vulnerability management for client services, including:
  • End user devices, Middleware applications, databases, operating systems, and server hardware.

• Prioritize vulnerabilities based on risk, business impact, and exploitability for end-user devices including laptops and other hardware assets.
• Collaborate with primary support contacts to implement timely remediation efforts.
• Maintain a vulnerability management lifecycle to track detection, reporting, and remediation.
• Oversee the maintenance, support, and enhancement of legacy applications.
• Ensure legacy systems are stable, secure, and compliant with industry standards and regulations.
• Advise and implement strategies for modernizing legacy applications to meet current and future business needs.
• Advise in the plan, design, and deploy new application infrastructure to support organizational growth and efficiency.
• Ensure new applications are integrated seamlessly with existing systems.
• Collaborate with stakeholders to gather requirements and ensure new applications meet business needs.
• Participate in projects ensuring they are delivered on time, within scope, and within budget.
• Coordinate with cross-functional teams to ensure project success.
• Stay current with industry trends and emerging technologies.
• Evaluate and recommend new technologies and tools to enhance infrastructure and application performance.
• Ensure best practices in system architecture, security, and data management are followed.
• Manage relationships with third-party vendors and service providers ensuring vendors meet performance and quality standards.
• Advise and participate in contract negotiations and service level agreements (SLAs).
• Monitor system performance and identify areas for improvement.
• Communicate effectively with senior management and other stakeholders.
• Ensure secure configurations for client services applications, including patching and hardening servers, databases, and operating systems.
• Administer endpoint security solutions for laptops and user devices.
• Partner with IT operations to deploy tools and processes for continuous monitoring and risk mitigation.
• Monitor and report compliance with organizational security standards.

Additional Duties

• Investigate and respond to vulnerabilities exploited in end user devices, operating systems, middleware, databases, or hardware.
• Collaborate with incident response teams during security events to ensure rapid containment and remediation.
• Stay updated on the latest vulnerabilities, threats, and mitigation techniques for infrastructure systems.
• Recommend and deploy tools for automated vulnerability scanning and patch management.
• Conduct regular training for infrastructure teams on secure configuration practices.
• Present regular reports on vulnerability findings, remediation progress, and infrastructure risk posture.
• Communicate effectively with cross-functional teams, including cloud architects, database administrators, and IT support teams.

WHAT WE ARE LOOKING FOR

• Bachelor’s degree or equivalent.
• 6-8+ years of experience in IT security or vulnerability management, with a focus on infrastructure systems.
• Proven experience with vulnerability scanning tools (e.g., Tenable) and infrastructure monitoring tools.
• Strong understanding of cloud infrastructure security and on-premise systems.
• Infrastructure Understanding and Knowledge:
  • Operating Systems: Windows, Linux/Unix.
  • Databases: SQL Server, Oracle, etc.
  • Cloud platforms: AWS, Azure.
• Familiarity with network concepts (TCP/IP, DNS, VPN, DHCP) and Middleware: WebLogic, WebSphere, Apache, etc.
• Strong problem-solving and analytical skills.
• Ability to manage time effectively and handle multiple tasks.
• Excellent written and verbal communication skills.
• Team-oriented, with the ability to work independently and provide guidance to staff members.
• Knowledge of IT security principles and experience implementing security measures.

PREFERRED SKILLS, QUALIFICATIONS & EXPERIENCE

• Relevant certifications: CISSP, CISM, Microsoft Certified: Security, Compliance, and Identity

#MBLI

#LI-HYBRID

At MFS, we are dedicated to building a diverse, inclusive and authentic workplace. If you are excited about this role but your past experience doesn't align perfectly, we encourage you to apply - you might be just the right candidate for this role or others.

• Generous time-off provided: including "Responsible time off" for many roles, paid company holidays when the US Stock Exchange is closed, plus paid volunteer time
• Family Focus: Up to 20 weeks of paid leave for new parents, back-up care program, dependent care flexible spending account, adoption assistance, generous caregiver leave
• Health and Welfare: Competitive medical, vision and dental plans, plus tax-free health savings accounts with company contributions
• Wellness Programs: Robust wellness webinars, employee assistance program, gym reimbursement through our medical plans, fitness center discounts and more
• Life & Disability Benefits: Company-paid basic life insurance and short-term disability
• Financial Benefits: 401(k) savings plan, Defined Contribution plan- 15% of base salary invested into the Plan, competitive total compensation programs

MFS is a hybrid work environment (remote/onsite) unless otherwise stated in the job posting.

If any applicant is unable to complete an application or respond to a job opening because of a disability, please contact MFS at 617-954-5000 or email talent_acquisition@mfs.com for assistance. 

MFS is an Affirmative Action and Equal Opportunity Employer and it is our policy to not discriminate against any employee or applicant for employment because of race, color, religion, sex, national origin, age, marital status, sexual orientation, gender identity, genetic information, disability, veteran status, or any other status protected by federal, state or local laws. Employees and applicants of MFS will not be subject to harassment on the basis of their status. Additionally, retaliation, including intimidation, threats, or coercion, because an employee or applicant has objected to discrimination, engaged or may engage in filing a complaint, assisted in a review, investigation, or hearing or have otherwise sought to obtain their legal rights under any Federal, State, or local EEO law is prohibited. Please see the Know Your Rights: Workplace Discrimination is Illegal document and Pay Transparency Nondiscrimination Provision, linked for your reference.