×
Register Here to Apply for Jobs or Post Jobs. X
More jobs:

Sr Application Security Engineer - AI-First Development

Job in Las Vegas, Clark County, Nevada, 89105, USA
Listing for: Las Vegas Sands Corp.
Full Time position
Listed on 2026-06-23
Job specializations:
  • IT/Tech
    Cybersecurity
Salary/Wage Range or Industry Benchmark: 120000 - 150000 USD Yearly USD 120000.00 150000.00 YEAR
Job Description & How to Apply Below

Position Overview

The primary responsibility of the Senior Application Security Engineer (AI-First Development) is to design, orchestrate, and validate the offensive security tooling and adversary-emulation capabilities used to find, prove, and help remediate exploitable weaknesses across applications, infrastructure, the software supply chain, and AI/ML systems. This role operates within an AI-First SDLC where AI agents are the primary producers of offensive tooling, exploit proof‑of‑concept code, attack automation, and adversary‑emulation artifacts.

The engineer provides operational direction, context engineering, human‑in‑the‑loop governance, and final accountability for the safety, authorization, and effectiveness of all offensive security work. All testing is performed strictly within authorized scope and defined rules of engagement.

Essential Duties & Responsibilities Offensive Tooling Strategy, Agent Workflow Design, and Orchestration Design

Build, maintain, and orchestrate AI agent workflows that produce offensive security tooling, exploit proof‑of‑concept code, attack automation, and adversary‑emulation artifacts from engagement objectives and authorized scope. Decompose engagement objectives and threat scenarios into discrete, verifiable offensive tasks and tooling components that AI agents can execute effectively within defined boundaries and rules of engagement. Select and configure appropriate AI models, agent frameworks, and offensive tooling for each workflow based on blast radius, target sensitivity, operational safety, and cost considerations.

Construct and maintain operational context that provides agents with approved attack techniques, target environment details, rules of engagement, and safety constraints needed to produce correct, in‑scope, and consistent outputs. Contribute to the offensive toolchain, including reusable testing skills, automation hooks, and project memory files that provide persistent context across agent sessions. Systematically capture attack patterns, technique effectiveness, and findings from each engagement and encode them back into shared context, offensive skills, and agent configurations so that subsequent work becomes more reliable.

Participate in collaborative refinement sessions to align on engagement objectives, scope, safety constraints, and context packages before agent execution begins. Establish and maintain rules of engagement, scope boundaries, written authorization, and deconfliction procedures for each engagement, ensuring all offensive activity remains legal, authorized, and safe.

Exploit Validation and Findings Assurance

Apply human oversight at governance checkpoints appropriate to the risk level of each workflow, including pre‑execution review, in‑flight observation, and post‑execution audit. Review, test, and approve AI‑generated offensive tooling, exploit code, and attack automation, ensuring they meet coding standards, operational safety requirements, and rules of engagement before use against any authorized target. Verify that AI‑generated exploits and offensive tooling demonstrate genuine, reproducible impact rather than false positives, and reject findings that cannot be reliably validated or that achieve results outside authorized scope.

Partner with Cyber Security on threat and risk assessments, vulnerability remediation, AI agent governance, and approved tooling decisions, surfacing offensive findings and exploitability signals that inform their reviews. Support agent observability practices that track engagement activity, finding rates, exploit reproducibility, and coverage across targets and environments. Produce clear, reproducible engagement deliverables, including technical findings reports, executive summaries, attack‑path narratives, and prioritized remediation recommendations tailored to both technical and executive stakeholders.

Offensive

Engineering and Application Exploitation

Architect and deliver shared offensive tooling, exploitation frameworks, and reusable testing harnesses spanning web, API, cloud, and binary targets that the security team consumes, using AI‑First methodologies as the primary development…

To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary