I suggest you go to
https://school.cucumber.io and watch the training video they have up there. It's free and very informative.
What you're describing is a typical subversion of the BDD process. This happens when teams use the tools and the Gherkin format without understanding how they're supposed to be used and how the process actually works.
In summary, the BDD approach consists of three practices:
1. Discovery - this is where business, development, and test come together to have a "Three Amigos" conversation. They draw up examples of the different scenarios, without using the Gherkin format. There's a book on the Discovery phase written by Seb
Rose and Gaspar Nagy. They also wrote other books on each of the other practices I describe here. Nagy and Rose advise against using the Gherkin format during discovery. Focus on gathering specific examples and the behaviors of the system as users interact with it.
2. Formulation - after discovery, the team will have several concrete examples to feed into this step. Developers and testers will get together and formulate the Gherkin specifications. They will use the examples from Discovery to draw up different scenarios. They will then go back to the larger group and review the formulations to verify that they got everything right and that there was nothing missed. They could also bring up new examples they might have thought about during formulation or make suggestions on how to simplify the scenario. In the video on school.cucumber.io, they show examples of how the formulated specifications can actually be refactored as a result of the review.
3. Automation - this is when developers (and possibly testers) automate the tests by adding step definitions in the form of test code.
This is the overall BDD cycle and it feeds other parts of the development process, specifically the TDD cycle, where developers develop the functionality with the support of the BDD specifications, which basically become the acceptance tests.
How I would write your specifications:
Scenario: User navigates to the Security Page from the Home Page
Given the user has logged in
And is viewing the Home page
And has access to the Security page
When the user navigates to the Security page
Then the title on the page should be "Security Settings"
Note again that any mention of "click" and "hyperlink" should be avoided. These are implementation details. You want to avoid implementation details so that the test will still be valid even though the implementation may have changed. For example, somewhere down the road, a decision might be made to use a hamburger menu option instead of a hyperlink.
Again, I encourage you to educate yourself on the proper BDD process by going through the free tutorials on school.cucumber.io