Security Engineer III
ACKO is India’s first and only fully-digital Insurtech (product) company to have taken insurance by storm. You might have seen our cool ads or are already a customer and we hope you have noticed how we are rewriting the rules of the insurance game constantly and persistently.
Based out of Bangalore, we are solving for the Indian market. But we are a part of a global wave of insurtech startups, such as ZhongAn in China and Oscar, Lemonade and Metromile in the US, that are known to succeed owing to their business models and technology.
We are a unicorn backed by a slate of marquee investors like Binny Bansal, Amazon, Ascent Capital, Accel, SAIF, Catamaran, General Atlantic and Multiples. In only four years since our inception and operations, our products have reached ~75M unique users. We have partnered with some of the biggest names of the digital ecosystem such as Amazon, Ola, RedBus, Oyo, Lendingkart, ZestMoney, GOMMT group etc.
At ACKO, job roles are focused on impact and we’re here to transform the way the industry operates. Innovation drives us and our products, and we are poised to disrupt insurance, powered by our pioneering products. We have changed the landscape of this age-old sector in a growing economy like India and have miles to go from here.
After having crossed the $1B valuation mark, our eyes are set on even bigger milestones. We are not just about growth and numbers: employee wellbeing lies at the core of all our programs and policies. We are a regular ‘Great Place to Work’ winner and consistently feature on LinkedIn’s list of top startups. Currently 1000 strong, we are hiring across all functions.
Responsibilities:
• Perform Security reviews, Vulnerability Assessments & Penetration Testing for Web, Android, iOS, and API endpoints
• Perform Threat Modelling & anticipate potential attack vectors and improve security architecture on complex or cross-functional components
• Identify and remediate OWASP Top 10 and mobile-specific vulnerabilities
• Conduct secure code reviews and red team assessments
• Integrate SAST, DAST, SCA, and secret scanning tools into CI/CD pipelines
• Automate security checks using tools like SonarQube, Snyk, Trivy, etc.
• Maintain and manage vulnerability scanning infrastructure
• Perform security assessments of AWS, Azure, and GCP environments, with an emphasis on container security, particularly for Docker and Kubernetes
• Implement guardrails for IAM, network segmentation, encryption, and cloud monitoring
• Contribute to infrastructure hardening for containers, Kubernetes, and virtual machines
• Triage bug bounty reports and coordinate remediation with engineering teams
• Act as the primary responder for external security disclosures
• Maintain documentation and metrics related to bug bounty and penetration testing activities
• Collaborate with developers and architects to ensure secure design decisions
• Lead security design reviews for new features and products
• Provide actionable risk assessments and mitigation plans to stakeholders
Required Skills & Experience:
• 5 - 8 years of solid hands-on experience in the VAPT domain
• Solid understanding of Web, Android, and iOS application security
• Experience with DevSecOps tools and integrating security into CI/CD
• Strong knowledge of cloud platforms (AWS/GCP/Azure) and their security models
• Familiarity with bug bounty programs and responsible disclosure practices
• Familiarity with tools like Burp Suite, MobSF, OWASP ZAP, Terraform, Checkov, etc.
• Good knowledge of API security
• Scripting experience (Python, Bash, or similar) for automation tasks
Preferred Qualifications:
• OSCP, CEH, AWS Security Specialty, or similar certifications
• Experience working in a regulated environment (e.g., FinTech, InsurTech)