When designing ClearanceJobs, we made security our top priority. Why? Because people with clearances have access to sensitive information relating to our country’s national security – and that affects everybody. To maintain the security of resumes posted by people with clearances on ClearanceJobs, a number of measures have been implemented.
When creating ClearanceJobs, we contacted the U.S. Defense Security Service to help us follow suggested guidelines, learn about potential threats, and fully understand what responsibilities employers and people with security clearances have to their country. Our system design maintains U.S. Defense Counterintelligence and Security Agency recommendations.
Authorized defense contractors who register their company with ClearanceJobs must provide the contact information of their company Facility Security Officer. We manually verify the legitimacy of each company and contact their security officer before that company can gain access to our resume database. Unlike other online job platforms, it is not possible to use a credit card to obtain access to the resume database. All employers must go through the manual screening process.
The ClearanceJobs site, servers, and databases are hosted and managed through Amazon Web Services (AWS), a cloud-based architecture system. There are many advantages to cloud architecture including reliability, security, access, and unlimited server capacity. Designated employees can manage the site from any location. When issues arise, the response time is quicker due to not having to travel to a defined location. Having a cloud-based solution also means that we are more secure. Only key employees can access the AWS services. There is no entry-point for unauthorized individuals to access stored ClearanceJobs data.
We have taken many steps to prevent unauthorized access to ClearanceJobs data. Server level security includes, but is not limited to, IP filtering, spam-mail prevention, and the use of strong encryption and/or PGP, along with Verisign’s SSL certificates. All unnecessary functions are disabled, or removed from the system entirely, such as X Windows and FTP. We have two-factor authentication for all server access across all environments.
We routinely perform security testing both internally and externally on our servers and software. We also perform security testing in pre-production environments to ensure that any vulnerabilities are identified and mitigated prior to release into our production environment. Our network is continuously monitored by a third-party company to determine if unauthorized persons are attempting to gain access or to head off a Denial of Service attack.
Safety, security, and privacy are critical priorities for security-cleared professionals, and ClearanceJobs takes that seriously. ClearanceJobs is protected using the same encryption software that banks use with end-to-end HTTPS traffic encryption.