The agile, evolving threat environment and the increasing cost of damage being inflicted is placing tremendous pressure on the systems engineering discipline to design and implement effective security capabilities. One promising approach is the application of agile systems architecture to the design of system security. In order to be successful, however, systems engineers and security engineers will need to adopt a common design language and a common reference architecture that supports the definition and design of a system that has both resilience and continuous evolution of security capability. This paper presents an approach to overcome these obstacles through application of model‐based systems engineering and use of enterprise architecture frameworks to address specific elements of an agile systems architecture which resides in both the design time and operating time domains.