Ransom Demand Negotiator

Title: Ransom Demand Negotiators

Work Location: US Resident (Mountain or Pacific Standard Time Preferred)

Reports To: Vice President, Consulting Services 

Summary:

Since 2009, Kivu has specialized in identifying, containing, and mitigating cyber threats. Boasting a legacy of over 16 years, Kivu has established itself as a global leader in incident response. In 2024, Kivu was acquired by Quorum Cyber, one of the fastest-growing cybersecurity companies in North America. Protecting over 400 customers across four continents, we deliver tailored, threat-led cybersecurity services that empower organizations to stay ahead of attackers, align security with business goals, and thrive in an unpredictable digital world. 

Our culture fosters innovation, collaboration, and continuous learning. We're passionate about cybersecurity and dedicated to building a supportive, inclusive environment where our team can develop, grow, and win. 

Job Description:

Kivu's global response business is rapidly growing, and we are recruiting a Ransom Demand Negotiator to work with our global customer base. As a Ransom Demand Negotiator, you will play a critical role in guiding organizations through ransomware incidents, directly engaging with threat actors and advising clients, legal teams, and insurers. You will work in a fast-paced, high-pressure, and highly collaborative environment alongside a diverse and talented team to support our mission to fight cybercrime and protect humanity. This role requires strong ethical judgment, the ability to synthesize

intelligence, and the capacity to manage complex, time-sensitive negotiations with calm, authority, and discretion. 

Required Knowledge, Skills, Abilities:

• Bachelor's or Master's degree in Cybersecurity, Intelligence, Law, or equivalent experience.
• Experience in ransom demand negotiations or consulting with victim organizations, legal counsel, and insurance providers, or equivalent expertise in high-stakes negotiation settings. 
• Strong knowledge of the ransomware ecosystem, including dark web forums, cyber threat intelligence platforms, and extortion tactics.
• Proactive, self-starter attitude with the ability to take initiative and drive projects forward independently. 
• Technical proficiency in identifying and researching forensic indicators of compromise within the following areas: DNS, digital forensics, encryption, and OSINT (open-source intelligence), or equivalent hands-on experience in cyber investigations. 
• Exceptional communication and interpersonal skills, with the ability to navigate high-stakes discussions and distill complex information for diverse audiences. 
• Strategic and creative problem-solving skills, with the ability to think critically, adapt to evolving challenges, and execute detailed instructions with precision, particularly in crisis-driven environments. 
• Ability to remain composed and effective under pressure, managing unpredictable challenges with professionalism and discretion. 
• Resilience and adaptability to manage high-pressure scenarios and unpredictable challenges. 
• Strong ethical judgement and awareness of legal considerations in cyber extortion cases. 
• Cultural awareness and sensitivity to navigate diverse research matters, recognizing how cultural, social, and linguistic norms may influence findings and interactions. 
• Highly proactive and self-driven, with the ability to work independently while seamlessly pivoting between multiple workstreams with efficiency and focus. 
• Proven ability to apply analytical thinking while effectively consulting, managing projects, collaborating in teams, and driving innovation.  
• Ability to handle on-call responsibilities and unpredictable challenges, including working unconventional hours with short notice. 
• Experience working in dynamic, fast-moving environment, including smaller teams and start-up organizations. 
• Passion for Cybersecurity

Preferred Qualifications:

• Fluency or proficiency in multiple languages, especially those relevant to ransomware threat actor groups. 
• Experience with offensive security reconnaissance, including OSINT, adversary tracking, or red team methodologies
• Background in cyber threat intelligence (CTI) with experience analyzing ransomware trends, tracking threat actor behaviors, or monitoring dark web forums. 
• Familiarity with cryptocurrency transactions, blockchain analysis, and tracing ransom payments. 
• Knowledge of legal, regulatory, and compliance considerations related to ransomware negotiations, including OFAC sanctions and industry-specific guidelines. 
• Experience working with cyber insurers, legal counsel, or law enforcement in cyber extortion cases.
• Strong public speaking or client-facing communication skills, with experience briefing executives or stakeholders in high-stakes situations. 
• Ability to simplify complex cybersecurity concepts for non-technical audiences, particularly business leaders and clients under pressure. 

Responsibilities and Duties: 

• Lead ransomware negotiations, managing direct communication with threat actors via chat, email., or other secure channels. 
• Advise and support clients, legal teams, and insurers by crafting strategic responses and managing expectations under high-pressure conditions. 
• Assess and strategize negotiations goals (buy time, gain intelligence, or reduce ransom demand).
• Monitor ransomware trends, leak sites, and threat actor behaviors, providing actionable intelligence to clients and internal teams. 
• Collaborate with DFIR (Digital Forensics & Incident Response) teams to align negotiation strategy with forensic findings. 
• Ensure compliance with legal and insurance requirements, adapting strategies based on jurisdictional nuances. 
• Communicate effectively with executive leadership, simplifying technical and tactical considerations for informed decision-making. 
• Document all negotiation activities with transparency and integrity. 
• Maintain strong relationships with key industry partners, including law firms and cyber insurers. 
• Be available for urgent incidents, including flexible and on-call hours as needed. 
• Actively participate in the development, documentation, and implementation of new processes to expand and mature capabilities for the organization. 

Equipment Used:

All equipment required to perform duties and tasks were previously described.

Physical / Environmental Factors:

The physical demands are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Kivu Consulting considers applicants for all positions without regards to race, color, national origin, age, religion, sex, marital status, veteran or military status, disability, or any other legally protected status.

Benefits:

• PTO
• Medical, Dental, and Vision
• 401k 
• Remote Work

Compensation90,000 - 140,000