ESA is responsible for the development and operation of assets that have very high tangible and intangible values. In this paper we describe ESA's undertakings to integrate security into its system development lifecycle and thus make its assets more resilient and secure in an evermore hostile global threat environment. These security engineering building blocks come in the form of standards, tools, and methodologies that are well integrated with each other and allow for an efficient & effective adaptation of security engineering practices into ESA system developments. Particular focus has been put on minimizing the engineering overhead created by the security engineering process.