Senior Application Security Engineer - AI-First Development - Las Vegas Sands

Job Description:

Position Overview

The primary responsibility of the Senior Application Security Engineer (AI-First Development) is to design, orchestrate, and validate the offensive security tooling and adversary-emulation capabilities used to find, prove, and help remediate exploitable weaknesses across applications, infrastructure, the software supply chain, and AI/ML systems. This role operates within an AI-First SDLC in which AI agents serve as primary producers of offensive tooling, exploit proof-of-concept code, attack automation, and adversary-emulation artifacts, while the engineer provides operational direction, context engineering, human-in-the-loop governance, and final accountability for the safety, authorization, and effectiveness of all offensive security work. All testing is performed strictly within authorized scope and defined rules of engagement.

The Senior Application Security Engineer is an experienced security or software engineer with a strong offensive security and secure-coding background who has adopted modern AI-assisted development tools as a core part of their daily workflow and is prepared to grow into deeper agent orchestration, context engineering, and verification responsibilities. This is a tool-builder-forward role: the emphasis is on engineering high-quality offensive tooling and exploit proof-of-concepts as much as on executing engagements.

All duties are to be performed in accordance with departmental and Las Vegas Sands Corp.’s policies, practices, and procedures. All Las Vegas Sands Corp. Team Members are expected to conduct and carry themselves in a professional manner at all times. Team Members are required to observe the company’s standards, work requirements and rules of conduct.

Essential Duties & Responsibilities

Offensive Tooling Strategy, Agent Workflow Design, and Orchestration

Design, build, and maintain AI agent workflows that produce offensive security tooling, exploit proof-of-concept code, attack automation, and adversary-emulation artifacts from engagement objectives and authorized scope.

Decompose engagement objectives and threat scenarios into discrete, verifiable offensive tasks and tooling components that AI agents can execute effectively within defined boundaries and rules of engagement.

Select and configure appropriate AI models, agent frameworks, and offensive tooling for each workflow based on blast radius, target sensitivity, operational safety, and cost considerations.

Construct and maintain operational context that provides agents with approved attack techniques, target environment details, rules of engagement, and safety constraints needed to produce correct, in-scope, and consistent outputs.

Contribute to the offensive toolchain, including reusable testing skills, automation hooks, and project memory files that provide persistent context across agent sessions. Authoring of advan