I assure you that "fix vulns caused by memory safety issues through some means other than a total language shift" is not boring work, but the sort of problem that will happily get people promoted to L8. It is just hard as hell.
One of the people most involved in the systems described in the blog post that are used to harden the C++ side of things is a L9 here.
I more meant the mid range engineer work to just buckle down, test, and fix things. As in, just owning and cleaning up a lot of important projects, including third party ones.
Designing the ultimate everything sanitizer with zero performance overhead would surely be impressive even at Google. Especially if it was actually adopted across the org.
But "buckle down and own it" doesn't actually prevent vulns in any sort of systematic way.
And I assure you that, despite the memes, code health efforts do end up with promos here. The org responsible for third_party and large scale code health had above average promo rates for ages.
One of the people most involved in the systems described in the blog post that are used to harden the C++ side of things is a L9 here.