Listen to this Post

Introduction:
The recent hiring push by SISL Global for an IT Support Engineer in Riyadh underscores a growing demand for professionals who blend traditional troubleshooting with modern cybersecurity awareness. In today’s threat landscape, an IT support engineer must not only resolve printer issues and password resets but also identify phishing attempts, harden endpoints, and respond to security incidents using command-line tools across Linux and Windows environments. This article extracts the core technical competencies implied by the job post and provides actionable, hands-on guides to master them.
Learning Objectives:
- Diagnose and remediate network connectivity issues using native Linux and Windows commands.
- Implement basic endpoint hardening and malware detection techniques.
- Automate routine support tasks with PowerShell and Bash scripts.
You Should Know:
1. Network Troubleshooting & Security Diagnostics
Start with an extended version of what the post says: The IT Support Engineer role at SISL Global requires on-site support in Riyadh, implying hands-on work with network devices, user endpoints, and possibly servers. Employers look for candidates who can rapidly isolate faults while ensuring no security gaps are introduced. Below are essential commands and a step-by-step guide to diagnose connectivity and detect suspicious traffic.
Step‑by‑step guide:
- Linux – Check interface status and ARP poisoning:
`ip a` – List all network interfaces.
`arp -a` – View ARP table; look for duplicate or unexpected MAC addresses.
`sudo tcpdump -i eth0 -n -c 20` – Capture 20 packets to spot unusual protocols or outbound connections.
– Windows – Test connectivity and reset stack safely:
`ping -t 8.8.8.8` – Continuous ping to monitor stability.
`nslookup google.com` – Verify DNS resolution.
`netsh winsock reset` – Reset Winsock if malware altered settings (run as admin).
`Get-NetTCPConnection -State Listen` – PowerShell cmdlet to list listening ports for rogue services.
– Use case: A user reports slow internet. Run `ping` to measure latency; use `tracert` (Windows) or `traceroute` (Linux) to find hop delays; then cross-check ARP for MITM attacks. Document findings in a ticket and escalate if ARP anomalies appear.
2. Endpoint Hardening & Malware Scanning
Employers increasingly expect IT support to perform basic security hygiene before handing off to a SOC. This section covers commands to check for unauthorized software, disable risky services, and scan for known malware.
Step‑by‑step guide:
- Windows – Autoruns & service audit:
`Get-Service | Where-Object {$_.StartType -eq ‘Automatic’ -and $_.Status -ne ‘Running’}` – Find critical services that failed to start.
`schtasks /query /fo LIST /v` – List scheduled tasks; look for unfamiliar names.
Run `MicrosoftSafetyScanner.exe` (download from Microsoft) via command line: `msert /Q /F` – Quick scan and auto-remove threats. - Linux – Check for rootkits and unusual processes:
`sudo chkrootkit` – Install via apt/yum, then run to detect hidden processes.
`ss -tulpn` – Show listening TCP/UDP sockets with process names (replace obsoletenetstat).
`ps aux –sort=-%mem | head -10` – Top 10 memory-heavy processes; investigate unknown names. - Hardening command: On Linux, set `ufw default deny incoming` and `ufw allow from 192.168.1.0/24` to restrict access. On Windows, use `Set-NetFirewallProfile -Profile Public -Enabled True` via PowerShell.
- Automating User Account & Permission Audits (Active Directory / LDAP)
IT support often manages user access. With cybersecurity in mind, regular audits prevent privilege creep. The following commands assume access to domain controllers or local security policies.
Step‑by‑step guide:
- Windows (Domain environment):
`Get-ADUser -Filter -Properties LastLogonDate, PasswordLastSet, Enabled | Export-Csv C:\reports\users.csv` – Requires RSAT. Find accounts inactive for >90 days.
`net user username /domain` – Quick view of password expiry, logon hours.
To disable a compromised account: `Disable-ADAccount -Identity jdoe`.
- Linux (Local or LDAP):
`lastlog` – Show last login times; flag never-logged-in accounts.
`sudo passwd -l username` – Lock a user account.
For sudoers audit: `grep -r “^[^]” /etc/sudoers.d/ /etc/sudoers` – List all sudo rules. - Best practice: Automate monthly reporting with a scheduled task (Windows Task Scheduler or cron) that runs these commands and emails alerts for stale accounts.
4. Incident Response First Responder Commands
When a user clicks a phishing link, IT support must act quickly. This section provides a step‑by‑step triage workflow.
Step‑by‑step guide:
1. Isolate the endpoint:
- Windows: `ipconfig /release` – Immediately drop IP assignment. Or use `netsh advfirewall set allprofiles state on` and then
netsh advfirewall set currentprofile settings inboundusernotification enable? Better: `New-NetFirewallRule -DisplayName “BLOCK_OUT” -Direction Outbound -Action Block` – Blocks all outbound traffic. - Linux: `sudo ufw enable` then `sudo ufw default deny outgoing` – Quick isolation.
2. Capture running processes:
- Windows: `Get-Process | Export-Csv .\proc.csv` – Preserve for later analysis.
- Linux: `ps auxww > proc_list.txt`
3. Collect network connections:
- Windows: `netstat -anob > connections.txt` (requires admin).
- Linux: `ss -tunap > connections.txt`
4. Pull recent file changes:
- Windows: `Get-ChildItem C:\Users\$env:USERNAME\Downloads -Recurse | Where-Object {$_.LastWriteTime -gt (Get-Date).AddHours(-2)}`
- Linux: `find /home/user -type f -mmin -120`
5. Hand off to security team – Zip logs and send securely.
- Cloud & API Security Basics for IT Support
As SISL Global may use SaaS or hybrid cloud, support engineers should verify basic API security and cloud storage misconfigurations. No direct keys needed – focus on observation.
Step‑by‑step guide:
- Check for exposed Azure/O365 info (Windows):
`Get-AzureADUser -All $true | Select-Object UserPrincipalName, AccountEnabled` – Requires AzureAD module.
`Connect-ExchangeOnline` then `Get-Mailbox -ResultSize Unlimited | Get-MailboxPermission` – Spot over-permissioned mailboxes. - Linux – Test for public cloud metadata exposure (harden against SSRF):
`curl http://169.254.169.254/latest/meta-data/` – If this returns data from an internal EC2 instance, the IMDSv1 is enabled; recommend upgrading to IMDSv2.
– API endpoint sanity check: Use `curl -i https://api.example.com/health` to verify response headers for missing security headers (e.g.,Strict-Transport-Security). This is not a full pentest but a quick compliance glance.
What Undercode Say:
- Key Takeaway 1: The SISL Global job posting is deceptively simple; it actually demands a hybrid skillset where IT support acts as the first line of cyber defense. Mastering command-line troubleshooting and basic incident response commands dramatically increases hireability.
- Key Takeaway 2: Automating security checks (like user audits and network baselining) with PowerShell or Bash turns a reactive support role into a proactive risk reducer – a value proposition that stands out in Riyadh’s competitive IT market.
-
Analysis: The post doesn’t mention cybersecurity explicitly, but modern IT support in any reputable firm implicitly requires security awareness. Undercode notes that candidates who demonstrate proficiency in commands like
ss -tulpn,Get-NetTCPConnection, and basic isolation procedures will outperform those who rely solely on GUI tools. Moreover, the ability to document evidence for a SOC team during an incident is a soft skill that many junior engineers lack. The commands listed above – from `chkrootkit` to `netsh advfirewall` – are exactly what hiring managers test during technical interviews. Finally, understanding cloud metadata risks and API header checks shows forward-thinking adaptability, which is crucial as SISL Global expands its regional footprint.
Prediction:
Within 12–18 months, job descriptions for “IT Support Engineer” in the Gulf region will explicitly require proficiency in at least five of the command-line security tasks outlined above. As organizations adopt hybrid work and face rising ransomware attacks, the traditional helpdesk will merge with a “cyber hygiene engineer” role. We predict that training courses combining CompTIA Security+ with hands-on Linux/Windows security commands will become mandatory pre-hiring certifications, and platforms like Hack The Box will introduce “Support Track” labs. SISL Global’s current hiring may be a bellwether: candidates who can demonstrate live `tcpdump` analysis and PowerShell automation will command salaries 20–30% higher than those who cannot.
▶️ Related Video (68% Match):
🎯Let’s Practice For Free:
IT/Security Reporter URL:
Reported By: Hiring Share – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅


