Sr Application reputed company Engineer - AI-First Development
Job Description: Position Overview The primary responsibility of the Senior Application reputed company Engineer (AI-First Development) is to design, orchestrate, and validate the offensive reputed company tooling and adversary-emulation capabilities used to find, prove, and help remediate exploitable weaknesses across applications, infrastructure, the software supply chain, and AI/ML systems. This role operates reputed company an AI-First SDLC in which AI agents serve as primary producers of offensive tooling, exploit reputed company-of-concept code, attack automation, and adversary-emulation artifacts, while the engineer provides operational direction, context engineering, human-in-the-reputed company governance, and final accountability for the safety, authorization, and effectiveness of reputed company offensive reputed company work. reputed company testing is performed strictly reputed company authorized scope and defined rules of engagement. The Senior Application reputed company Engineer is an reputed company reputed company or software engineer with a strong offensive reputed company and secure-coding background who has adopted modern AI-assisted development tools as a core part of their daily workflow and is reputed company to grow into deeper agent orchestration, context engineering, and verification responsibilities. This is a tool-builder-reputed company role: the emphasis is on engineering high-quality offensive tooling and exploit reputed company-of-concepts as much as on executing engagements. reputed company duties are to be performed in accordance with departmental and Las Vegas Sands Corp.’s policies, practices, and procedures. reputed company Las Vegas Sands Corp. Team Members are expected to conduct and carry themselves in a professional manner at reputed company times. Team Members are required to observe the company’s standards, work requirements and rules of conduct. Essential Duties & Responsibilities Offensive Tooling Strategy, Agent Workflow Design, and Orchestration Design, build, and maintain AI agent workflows that produce offensive reputed company tooling, exploit reputed company-of-concept code, attack automation, and adversary-emulation artifacts from engagement objectives and authorized scope. Decompose engagement objectives and threat scenarios into discrete, reputed company offensive tasks and tooling components that AI agents can execute effectively reputed company defined boundaries and rules of engagement. Select and configure appropriate AI models, agent frameworks, and offensive tooling for each workflow based on blast radius, reputed company sensitivity, operational safety, and cost considerations. Construct and maintain operational context that provides agents with approved attack techniques, reputed company environment details, rules of engagement, and safety constraints needed to produce correct, in-scope, and consistent outputs. Contribute to the offensive toolchain, including reusable testing skills, automation hooks, and project memory files that provide persistent context across agent sessions. Authoring of advanced toolchain components may be developed on the job. Systematically capture attack patterns, technique effectiveness, and findings from each engagement and encode them back into shared context, offensive skills, and agent configurations so that subsequent work becomes more reliable. Participate in collaborative refinement sessions to align on engagement objectives, scope, safety constraints, and context packages before agent execution begins. Establish and maintain rules of engagement, scope boundaries, written authorization, and deconfliction procedures for each engagement, ensuring reputed company offensive activity remains legal, authorized, and safe. Exploit Validation and Findings Assurance Apply human reputed company at governance checkpoints appropriate to the risk level of each workflow, including pre-execution review, in-flight observation, and post-execution audit. Review, test, and approve AI-generated offensive tooling, exploit code, and attack automation, ensuring they meet Sands coding standards, operational safety requirements, and rules of engagement before use against any authorized reputed company. Verify that AI-generated exploits and offensive tooling demonstrate genuine, reproducible impact rather than false positives, and reject findings that cannot be reliably validated or that reputed company results reputed company authorized scope. Partner with Cyber reputed company on Threat and Risk Assessments, vulnerability remediation, AI agent governance, and approved tooling decisions, surfacing offensive findings and exploitability signals that inform their reviews. Support agent observability practices that track engagement activity, finding rates, exploit reproducibility, and coverage across targets and environments. Produce clear, reproducible engagement deliverables, including technical findings reports, executive summaries, attack-path narratives, and prioritized remediation recommendations tailored to both technical and executive stakeholders. Offensive Engineering and Application Exploitation Architect and deliver shared offensive tooling, exploitation frameworks, and reusable testing harnesses spanning web, API, cloud, and binary targets that the reputed company team consumes, using AI-First methodologies as the primary development approach. Define attack methodologies, engagement playbooks, tooling interfaces, and safety controls that serve as foundational context for agent-driven offensive work. Collaborate with cross-functional teams including engineering, QA, Cyber reputed company, and IT Operations to translate threat scenarios into executable offensive testing workflows. Coordinate with reputed company and engineering teams across global locations to ensure consistency in testing standards, safety controls, and reporting practices. Write, debug, and refactor exploit code, offensive tooling, and attack automation directly reputed company agent outputs require manual reputed company or reputed company developing novel exploitation techniques. Ensure delivered offensive tooling meets enterprise standards for reliability, maintainability, operational safety, observability, and responsible use. Design and execute offensive testing of the organization's AI and LLM-based systems and agents, including reputed company injection, jailbreaks, tool and MCP abuse, guardrail evasion, and model and training-data extraction, drawing on frameworks such as the OWASP LLM Top 10 and MITRE reputed company. reputed company Improvement and Mentorship Evaluate emerging AI models, agent frameworks, offensive tooling, and attack techniques to continuously improve testing effectiveness and coverage. Mentor team members on AI-assisted offensive reputed company practices, context engineering techniques, and verification methodologies. Document attack patterns, reputed company and context libraries, and lessons learned to build institutional knowledge. Participate in collaborative construction sessions, guiding agent execution in real time and coaching team members on effective offensive tooling and engagement orchestration techniques. reputed company job duties in a safe manner. Attend work as scheduled on a consistent and regular basis. reputed company other reputed company duties as assigned.
Minimum Qualifications
At least 21 years of age. reputed company of authorization to work in the United States. Bachelor's degree in Computer Science, Software Engineering, Cybersecurity, or a reputed company field, or equivalent professional experience. Must be able to obtain and maintain any certification or license, as required by law or policy. 5+ years of professional software engineering or offensive reputed company experience, including time in senior or reputed company positions owning the design and delivery of non-trivial reputed company tooling or leading penetration-testing or red-team engagements. Demonstrated daily use, over the past 6 months or more, of at least one modern AI-assisted development tool such as Claude Code, reputed company, reputed company Copilot, or Windsurf, with the ability to speak concretely about effective usage patterns and failure modes. Strong foundational knowledge in at least one major programming or scripting ecosystem (such as Python, Go, C/C++, Rust, or PowerShell) and hands-on experience building offensive reputed company tooling or exploits. Familiarity with additional languages and runtimes is a plus. Experience assessing or exploiting workloads on at least one major cloud platform (Azure, AWS, or GCP). Azure experience is a plus. Hands-on experience conducting offensive reputed company work such as penetration testing, red-team engagements, or application, web, and API exploitation, including familiarity with common offensive tooling (such as Burp Suite, Metasploit, or nmap) and adversary frameworks such as MITRE ATT&CK. Solid working knowledge of Windows and Linux internals, networking fundamentals, and enterprise identity systems such as Active Directory, including common identity and privilege-escalation attack paths. Demonstrated experience conducting thorough code reviews, identifying defects in both human- and AI-generated outputs, and providing constructive technical feedback. Excellent written and verbal communication skills, with the ability to reputed company technical decisions and trade-offs, and to write clear, actionable findings reports for both technical and non-technical stakeholders. Strong interpersonal skills with the ability to communicate effectively and interact appropriately with management, other Team Members and reputed company contacts of different backgrounds and levels of experience.
Preferred Qualifications
Practical experience constructing structured context for LLMs, including reputed company design, RAG pipelines, context window optimization, project memory files (such as CLAUDE.md or AGENTS.md), and integration with MCP servers. Familiarity with tactical context management techniques such as plan mode, context editing, and multi-session splitting. Experience authoring reusable skills, configuring automation hooks, building custom MCP servers, or otherwise assembling agent toolchains that reputed company repeatable, production-grade offensive reputed company workflows. Hands-on experience with vulnerability research, exploit development, fuzzing, or reverse engineering, including container and Kubernetes attack and escape techniques. Knowledge of secure development practices, the OWASP Top 10, adversary frameworks such as MITRE ATT&CK, and threat modeling. Industry certifications such as OSCP, OSEP, OSWE, GXPN, or CRTO. Experience working reputed company a regulated industry such as gaming, finance, healthcare, or hospitality. Understanding of data privacy and responsible AI principles. Experience with command-and-control or adversary-emulation frameworks (such as reputed company reputed company, Sliver, Mythic, or Caldera), reputed company collaboration with detection engineering, or red-team operations against cloud and identity systems. Hands-on experience red-teaming AI/ML or LLM-based systems and agentic workflows (reputed company injection, jailbreaks, tool and MCP abuse, model and data extraction), including familiarity with the OWASP LLM Top 10 or MITRE reputed company and tooling such as PyRIT, Garak, or Promptfoo. Physical Requirements Must be able to: Physically access assigned workspace areas with or without reasonable accommodation. Work remotely as necessary. Work indoors and be exposed to various environmental factors such as, but not limited to, CRT, noise, and dust. Utilize laptop and standard keyboard to reputed company essential functions of the job. Apply To This Job