The Native API, which serves as the system call interface for subsystem environments, provides the Rtl section, known as the Run-Time Library, as well as the Loader and SxS (Side-by-Side Assembly) module source code. Kernel32.dll, the base library service of the Windows subsystem, calls into NTDLL, which in turn invokes a specific kernel-mode service in the NT kernel to accomplish the request. The User32.dll and Gdi32.dll libraries are exceptions: their calls are trapped into kernel mode in Win32k.sys, not NTDLL!
With that said, whenever an application calls IsProcessInJob in the Kernel32.dll library, the call flows through NTDLL and then into the kernel, with the path leading to the NtIsProcessInJob call. Windows ensures that any service call made from user mode is uniform; that is, the proper number of kernel-mode services in the NT kernel have to be requested for a specific piece of work.
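
The call flow described above, as an added example that is not from the original page: it asks IsProcessInJob in Kernel32.dll and NtIsProcessInJob in NTDLL the same question about the current process and compares the answers. The NtIsProcessInJob prototype, the two status values (as defined in the public ntstatus.h header) and the helper status_to_result are assumptions of this example; the Windows-specific part is compiled only on Windows.

```c
#include <stdio.h>
#include <stdint.h>

/* Success codes NtIsProcessInJob returns (values as in ntstatus.h). */
#define ST_PROCESS_NOT_IN_JOB 0x00000123
#define ST_PROCESS_IN_JOB     0x00000124

/* Hypothetical helper: convert the native NTSTATUS into a Win32-style
   (success, result) pair. Negative NTSTATUS values are errors. */
int status_to_result(int32_t status, int *in_job)
{
    if (status < 0)
        return 0;                     /* the Win32 call would report failure */
    *in_job = (status == ST_PROCESS_IN_JOB);
    return 1;
}

#ifdef _WIN32
#include <windows.h>
/* Assumed prototype; NTDLL exports the function but ships no header for it. */
typedef LONG (NTAPI *NtIsProcessInJob_t)(HANDLE ProcessHandle, HANDLE JobHandle);

/* Returns 1 if both layers agree, 0 if they differ, -1 on error. */
static int compare_layers(void)
{
    BOOL win32_result = FALSE;
    int native_result = 0;
    NtIsProcessInJob_t native = (NtIsProcessInJob_t)
        GetProcAddress(GetModuleHandleA("ntdll.dll"), "NtIsProcessInJob");
    if (!native)
        return -1;
    /* Kernel32 entry point: the documented Win32 API. */
    if (!IsProcessInJob(GetCurrentProcess(), NULL, &win32_result))
        return -1;
    /* NTDLL entry point: the stub that traps into the NT kernel. */
    if (!status_to_result(native(GetCurrentProcess(), NULL), &native_result))
        return -1;
    printf("Kernel32: %d, NTDLL: %d\n", win32_result != 0, native_result);
    return (win32_result != 0) == native_result;
}
#endif

int main(void)
{
#ifdef _WIN32
    return compare_layers() == 1 ? 0 : 1;
#else
    puts("Build on Windows to exercise the Kernel32 and NTDLL calls.");
    return 0;
#endif
}
```

A NULL job handle asks whether the process is running under any job, so both calls should report the same answer.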