Generating Secure Workflow Designs from Requirements Goal Models Using Patterns
S Liaskos, I Jaouhar, S Muhammad Danish, SM Khan
International Conference on Conceptual Modeling, 2024 • Springer
Abstract
Identifying and analyzing security requirements is an essential part of the information systems engineering lifecycle. Several techniques have been introduced for comprehensively modeling such requirements. Once identified, security requirements must be translated into designs that allow domain actors to securely accomplish business tasks under given risk assumptions and contexts. Correctly translating requirements to such designs, however, can be challenging when considering both the complexity and specialized nature of security mechanisms, such as cryptography, and the role of varying practical and contextual aspects of the problem at hand in correctly applying such mechanisms. We propose a model-driven pattern-based approach for supporting the implementation of security requirements. Security requirements models, augmented with descriptions of contextual and threat assumptions, are combined with reusable domain-agnostic workflow patterns which model established ways for securely performing common business tasks. The combined models are compiled into a formal specification, whereby automated reasoning is applied for generating domain-appropriate workflows that satisfy the security requirements. Using the technique, analysts can efficiently explore the impact of different threat assumptions and pragmatic constraints to candidate security designs, while ensuring that the latter are consistent with tried-and-tested community knowledge.