A new GCHQ careers recruitment website seems to have been launched this week at www.gchq-careers.co.uk
This is again, like the MI6 Officers website (see our previous blog article - Yet Another MI6 Secret Intelligence Service recruitment website), a Government website which has been outsourced to a recruitment agency, in this case to TMP Worldwide
For no good reason, this website does not bother to use a ".gov.uk" domain name for credibility, and it could therefore be potentially vulnerable to typo squatters and fake confidential CV phishing websites.
Again, there is a bit of Flash, but at least the job vacancy pages and the email alert subscription pages do actually seem to be run from an SSL / TLS encrypted webserver.
However, the fact that the SSL encrypted sessions are running from the".i-grasp.com" domain, might, very reasonably, put off some IT security aware candidates from applying via this method, but, unfortunately, some of the advertised vacancies only allow online applications.
GCHQ also seems to be competing for some of the same potential recruits as the Secret Intelligence Service MI6 and the Security Service MI5.
"i-grasp.com" is a subsidiary of StepStone Solutions, who seem to be a multi-national recruitment software company, with offices from the USA, Latin America, most of Europe and including the Russian Federation, the Middle East and Asia.
Does this mean that they have wide experience and are highly professional in online recruitment, or does it mean that copies of all the personal details and confidential CV's of key GCHQ staff will be available to foreign intelligence agencies, directly or indirectly through their international branch offices ?
Why does this www.gchq-careers.co.uk website use third party, USA based Google Analytics code for tracking visitors ? Even if GCHQ cannot do a better job at analysing web site visitor data, surely they should be running such software in house, rather than leaking information to foreign companies and intelligence agencies ?
Whilst this might be reasonable for commercial recruitment, is this really how the people who will be privy to some of our most sensitive national security secrets, should be recruited ?
Why could they not run the i-grasp recruitment website software on a GCHQ managed web server, using a .gchq.gov.uk sub-domain name, with a matching Digital Certificate ?