Security Engineer - Contract

Job type: Contract · Department: IT & InfoSec · Work type: On-Site

Bengaluru, Karnataka, India

About Us

ACKO is the protection destination for over 200 million tech-savvy families across India, protecting their families, assets and money. Launched in 2016, ACKO started by reimagining insurance, making it simple, hassle-free and customer-first. Today, our mission goes beyond that: we aim to touch the lives of 1 million users, building products that solve real-world problems with technology at the core.

We are not just another insurance company; our DNA is product-tech, and our approach is bold, innovative, and digital-first. From zero commission, zero paperwork, and instant renewals to same-day claims settlements and app-based tracking, ACKO is a Welcome Change from traditional insurers.

But what truly sets us apart? Our people. At ACKO, every Acker’s voice and ideas matter. We’re a vibrant, inclusive team of creators, thinkers, and doers, building products that redefine protection while ensuring each Acker grows, thrives and does meaningful work.

Join us at ACKO, where bold ideas, real impact and tech-driven innovation redefine protection and peace of mind - and where YOU can make a real difference in people's lives. ACKO is a product-tech company, launched in 2016, solving real-world problems for customers, starting with insurance. And as a customer-first organization serving the digitally-savvy, ACKO’s value proposition of ‘Welcome Change’ focuses on offerings that make insurance simple and hassle-free! With features such as zero commission, zero paperwork, instant renewal, same-day claim settlements, and app-based updates on claims, ACKO is a 'Welcome Change' from traditional insurers.

Having said that, we are not just another conventional insurance firm, or the people consulted solely for "claims"! Anchored in a tech-centric philosophy, ACKO’s approach fuels innovation, empowering us to develop comprehensive products that cater to every aspect of our customers' insurance requirements. And while we are at it, we put our Ackers at the heart of everything we do. We're not your typical 9-to-5 workplace; we're a vibrant and inclusive bunch of innovators and creators making sure every Acker’s idea matters, their voice is heard, and their growth is part of our mission.

About the role

We are looking for a skilled and driven Security Engineer to join our growing security team. This role requires a hands-on professional who can evaluate and strengthen the security posture of our applications and infrastructure across Web, Android, iOS, APIs, and cloud-native environments. The ideal candidate will also lead technical triage from our bug bounty program, integrate security into the DevOps lifecycle, and contribute to building a security-first engineering culture.

Required Skills & Experience:

  • 4 to 5 years of solid hands-on experience in the VAPT domain

  • Solid understanding of Web, Android, and iOS application security

  • Experience with DevSecOps tools and integrating security into CI/CD

  • Strong knowledge of cloud platforms (AWS/GCP/Azure) and their security models

  • Familiarity with bug bounty programs and responsible disclosure practices

  • Familiarity with tools like Burp Suite, MobSF, OWASP ZAP, Terraform, Checkov, etc.

  • Good knowledge of API security

  • Scripting experience (Python, Bash, or similar) for automation tasks

Preferred Qualifications:

  • OSCP, CEH, AWS Security Specialty, or similar certifications

  • Experience working in a regulated environment (e.g., FinTech, InsurTech)

Responsibilities:

  • Perform Security reviews, Vulnerability Assessments & Penetration Testing for Web, Android, iOS, and API endpoints

  • Perform Threat Modelling, anticipate potential attack vectors, and improve security architecture on complex or cross-functional components

  • Identify and remediate OWASP Top 10 and mobile-specific vulnerabilities

  • Conduct secure code reviews and red team assessments

  • Integrate SAST, DAST, SCA, and secret scanning tools into CI/CD pipelines

  • Automate security checks using tools like SonarQube, Snyk, Trivy, etc.

  • Maintain and manage vulnerability scanning infrastructure

  • Perform security assessments of AWS, Azure, and GCP environments, with an emphasis on container security, particularly for Docker and Kubernetes.

  • Implement guardrails for IAM, network segmentation, encryption, and cloud monitoring

  • Contribute to infrastructure hardening for containers, Kubernetes, and virtual machines

  • Triage bug bounty reports and coordinate remediation with engineering teams

  • Act as the primary responder for external security disclosures

  • Maintain documentation and metrics related to bug bounty and penetration testing activities

  • Collaborate with developers and architects to ensure secure design decisions

  • Lead security design reviews for new features and products

  • Provide actionable risk assessments and mitigation plans to stakeholders

  • This is a 6-month contract role
