This work describes a top down systems security requirements analysis approach for understanding and eliciting general security requirements for securing Software Factories (SF). More specifically, the System-Theoretic Process Analysis approach for Security (STPA-Sec) is used to understand and elicit systems security requirements for SFs. The effort employs STPA-Sec on the DoD Enterprise DevSecOps Reference Design to detail a conceptual approach to analyze SFs. The intent is to develop functional-level security requirements, design-level engineering considerations, and architectural-level security specification criteria early in the system life cycle. The aim is to secure the SFs themselves, enhancing the security of resulting software generated from the SF. These details were elaborated during a summer collaborative research effort by two United States Air Force Academy Systems Engineering cadets, working with a MITRE team of subject matter expertise (SME's), and guided by their instructor. This work provides insight into a viable systems security requirements analysis approach which results in traceable security, safety, and resiliency requirements that can be designed-for, built-to, and verified with confidence.