And my password is quite long - more than 30 characters. Such a password will probably be very difficult to guess using the brute force method.
It depends massively on which thirty characters you have chosen. Something like 11111.... or abcdef.... could be brute forced very quickly. If your passphrase is the first name of all your immediate familiar members concatenated together, or something else which could potentially be guessed (or least, guessed enough to massively reduce the search space), then that is also potentially brute forcable. If, on the other hand, your passphrase is 30 random characters and looks something like 9&!hC)zR$x[.... then it will effectively never be brute forced.
Or will he get twice the waiting time every time if the password is incorrect?
As above, the seed phrase can be extracted from Trezor devices by a knowledgeable attacker with physical access to the device. After they have the seed phrase, they no longer need the Trezor device and certainly do not have to use it to try to brute force the passphrase and be subjected to its timeouts. They can set up a piece of software on any computer (or even, across multiple computers they own or even rent cloud computing) to start brute forcing various passphrases and looking for funds.